code002lover/IPost
1
0
Fork 0
Code Issues 1 Pull Requests 8 Packages Projects Releases Wiki Activity

fix error + format

Browse Source
This commit is contained in:
code002lover 2025-04-29 00:28:50 +02:00
parent 3307f89d7d
commit 99f1890257
63 changed files with 9380 additions and 7015 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
.github/workflows/node.js.yml vendored
View File

@ -4,28 +4,27 @@
name: Node.js CI name: Node.js CI
on: on:
push: push:
branches: [ "master" ] branches: ['master']
pull_request: pull_request:
branches: [ "master" ] branches: ['master']
jobs: jobs:
build: build:
runs-on: ubuntu-latest
runs-on: ubuntu-latest strategy:
matrix:
node-version: [12.x, 14.x, 16.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
strategy: steps:
matrix: - uses: actions/checkout@v3
node-version: [12.x, 14.x, 16.x] - name: Use Node.js ${{ matrix.node-version }}
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/ uses: actions/setup-node@v3
with:
steps: node-version: ${{ matrix.node-version }}
- uses: actions/checkout@v3 cache: 'npm'
- name: Use Node.js ${{ matrix.node-version }} - run: npm ci
uses: actions/setup-node@v3 - run: npm run build --if-present
with: - run: npm test
node-version: ${{ matrix.node-version }}
cache: 'npm'
- run: npm ci
- run: npm run build --if-present
- run: npm test

1
.husky/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
_

4
.husky/pre-commit Executable file
View File

@ -0,0 +1,4 @@
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"
npx lint-staged

2
.prettierignore Normal file
View File

@ -0,0 +1,2 @@
views/
pnpm-lock.yaml

4
.prettierrc.toml Normal file
View File

@ -0,0 +1,4 @@
trailingComma = "es5"
tabWidth = 4
semi = false
singleQuote = true

1
README.md
View File

@ -1,3 +1,4 @@
# IPost # IPost
IPost, formerly known as "authwebsite" is a chatting platform that also server as a gateway for me to have authentication for my other projects. IPost, formerly known as "authwebsite" is a chatting platform that also server as a gateway for me to have authentication for my other projects.
You can visit IPost under https://ipost.rocks You can visit IPost under https://ipost.rocks

46
css/changePW.css
View File

@ -1,37 +1,37 @@
body { body {
text-align: center; text-align: center;
background: black; background: black;
} }
div { div {
align-items: center; align-items: center;
text-align: center; text-align: center;
border-radius: 20px; border-radius: 20px;
border: 5px solid black; border: 5px solid black;
display: inline-block; display: inline-block;
padding: 5%; padding: 5%;
padding-top: 1%; padding-top: 1%;
background-color: darkgray; background-color: darkgray;
} }
button { button {
border-radius: 5px; border-radius: 5px;
font-size: 19px; font-size: 19px;
background-color: purple; background-color: purple;
color: white; color: white;
} }
input { input {
border-radius: 8px; border-radius: 8px;
font-size: 20px; font-size: 20px;
text-align: center; text-align: center;
background-color: darkgray; background-color: darkgray;
color: black; color: black;
} }
label { label {
display: inline-block; display: inline-block;
width: 150px; width: 150px;
text-align: right; text-align: right;
font-size: 18px; font-size: 18px;
} }

115
css/global.css
View File

@ -1,131 +1,132 @@
:root { :root {
--green: #C2F9BB; /* links etc */ --green: #c2f9bb; /* links etc */
--fg-color: #303034; /* post background */ --fg-color: #303034; /* post background */
--bg-color: #1B1B1E; /* page background etc */ --bg-color: #1b1b1e; /* page background etc */
--text-color: #ECEAF1; /* text */ --text-color: #eceaf1; /* text */
--blue-ish: #587291; /* buttons etc */ --blue-ish: #587291; /* buttons etc */
} }
* { * {
font-family: Arial, Helvetica, sans-serif; font-family: Arial, Helvetica, sans-serif;
} }
html { html {
scroll-behavior: smooth; scroll-behavior: smooth;
} }
body { body {
margin: 8px; margin: 8px;
} }
.noselect { .noselect {
user-select: none; user-select: none;
} }
#modal-shade, #modal-shade,
#modal { #modal {
display: none; display: none;
text-align: center; text-align: center;
} }
#modal-shade { #modal-shade {
position: fixed; position: fixed;
z-index: 100; z-index: 100;
top: 0; top: 0;
left: 0; left: 0;
width: 100%; width: 100%;
height: 100%; height: 100%;
} }
#modal { #modal {
z-index: 101; z-index: 101;
position: fixed; position: fixed;
width: 50%; width: 50%;
height:50%; height: 50%;
left:25%; left: 25%;
right:25%; right: 25%;
top:25%; top: 25%;
} }
#modal-shade { #modal-shade {
background: silver; background: silver;
opacity: 0.5; opacity: 0.5;
filter: alpha(opacity=50); filter: alpha(opacity=50);
} }
#modal { #modal {
background: rgba(0,0,0,.5); background: rgba(0, 0, 0, 0.5);
} }
ul { ul {
list-style-type: none; list-style-type: none;
margin: 0; margin: 0;
padding: 0; padding: 0;
overflow: hidden; overflow: hidden;
background-color: var(--fg-color); background-color: var(--fg-color);
} }
li { li {
float: left; float: left;
} }
li a { li a {
display: block; display: block;
color: white; color: white;
text-align: center; text-align: center;
padding: 14px 16px; padding: 14px 16px;
text-decoration: none; text-decoration: none;
} }
.totib { .totib {
margin-top: 6.5%; margin-top: 6.5%;
} }
li a:hover { li a:hover {
background-color: #111; background-color: #111;
} }
a { a {
text-decoration: none; text-decoration: none;
} }
a:link:not(.no-link-style), a:visited:not(.no-link-style) { a:link:not(.no-link-style),
color: var(--green); a:visited:not(.no-link-style) {
color: var(--green);
} }
.no-link-style:visited, .no-link-style:link { .no-link-style:visited,
color: var(--text-color); .no-link-style:link {
color: var(--text-color);
} }
a:hover { a:hover {
color: red; color: red;
} }
footer { footer {
color: white; color: white;
margin-top: 100px; margin-top: 100px;
background-color: var(--fg-color); background-color: var(--fg-color);
} }
.right { .right {
float: right; float: right;
} }
.less_padding { .less_padding {
padding: 6px 14px; padding: 6px 14px;
} }
.pd-great { .pd-great {
padding: 10px 30px; padding: 10px 30px;
} }
.bg-light { .bg-light {
background-color: var(--fg-color); background-color: var(--fg-color);
} }
.bg-dark { .bg-dark {
background-color: var(--bg-color); background-color: var(--bg-color);
} }
.no-bg-img { .no-bg-img {
background: none; background: none;
} }

133
css/logon.css
View File

@ -1,98 +1,99 @@
* { * {
padding: 0px; padding: 0px;
margin: 0px; margin: 0px;
} }
body { body {
background-color: var(--bg-color); background-color: var(--bg-color);
} }
header { header {
color: white; color: white;
display: flex; display: flex;
align-items: center; align-items: center;
justify-content: center; justify-content: center;
height: 15vh; height: 15vh;
box-shadow: 5px 5px 10px rgb(0,0,0,0.3); box-shadow: 5px 5px 10px rgb(0, 0, 0, 0.3);
} }
h1 { h1 {
letter-spacing: 1.5vw; letter-spacing: 1.5vw;
text-transform: uppercase; text-transform: uppercase;
text-align: center; text-align: center;
} }
main { main {
display: flex; display: flex;
align-items: center; align-items: center;
justify-content: center; justify-content: center;
height: 75vh; height: 75vh;
width: 100%; width: 100%;
background: url(https://ipost.rocks/images/Mountains.webp) no-repeat center center; background: url(https://ipost.rocks/images/Mountains.webp) no-repeat center
background-size: cover; center;
background-size: cover;
} }
.form_class { .form_class {
width: 500px; width: 500px;
padding: 40px; padding: 40px;
border-radius: 8px; border-radius: 8px;
background-color: var(--bg-color); background-color: var(--bg-color);
color: var(--text-color); color: var(--text-color);
box-shadow: 5px 5px 10px rgb(0,0,0,.3); box-shadow: 5px 5px 10px rgb(0, 0, 0, 0.3);
} }
.form_div { .form_div {
text-transform: uppercase; text-transform: uppercase;
} }
.form_div > label { .form_div > label {
letter-spacing: 3px; letter-spacing: 3px;
font-size: 1rem; font-size: 1rem;
} }
.info_div { .info_div {
text-align: center; text-align: center;
margin-top: 20px; margin-top: 20px;
} }
.info_div { .info_div {
letter-spacing: 1px; letter-spacing: 1px;
} }
.field_class { .field_class {
width: 100%; width: 100%;
border-radius: 6px; border-radius: 6px;
border-style: solid; border-style: solid;
border-width: 1px; border-width: 1px;
padding: 5px 0px; padding: 5px 0px;
text-indent: 6px; text-indent: 6px;
margin-top: 10px; margin-top: 10px;
margin-bottom: 20px; margin-bottom: 20px;
font-size: 0.9rem; font-size: 0.9rem;
letter-spacing: 2px; letter-spacing: 2px;
} }
.submit_class { .submit_class {
border-style: none; border-style: none;
border-radius: 5px; border-radius: 5px;
background-color: #FFE6D4; background-color: #ffe6d4;
padding: 8px 20px; padding: 8px 20px;
text-transform: uppercase; text-transform: uppercase;
letter-spacing: .8px; letter-spacing: 0.8px;
display: block; display: block;
margin: auto; margin: auto;
margin-top: 10px; margin-top: 10px;
box-shadow: 2px 2px 5px rgb(0,0,0,0.2); box-shadow: 2px 2px 5px rgb(0, 0, 0, 0.2);
cursor: pointer; cursor: pointer;
} }
footer { footer {
height: 10vh; height: 10vh;
background-color: black; background-color: black;
color: white; color: white;
display: flex; display: flex;
align-items: center; align-items: center;
justify-content: center; justify-content: center;
box-shadow: -5px -5px 10px rgb(0,0,0,0.3); box-shadow: -5px -5px 10px rgb(0, 0, 0, 0.3);
} }
footer > p { footer > p {
text-align: center; text-align: center;
letter-spacing: 3px; letter-spacing: 3px;
} }
footer > p > a { footer > p > a {
text-decoration: none; text-decoration: none;
color: white; color: white;
font-weight: bold; font-weight: bold;
} }
a { a {
color: red; color: red;
text-decoration: none; text-decoration: none;
} }

61
css/main.css
View File

@ -1,46 +1,47 @@
* { * {
padding: 0px; padding: 0px;
margin: 0px; margin: 0px;
} }
body { body {
background-color: lightgreen; background-color: lightgreen;
} }
header { header {
background-color: black; background-color: black;
color: white; color: white;
display: flex; display: flex;
align-items: center; align-items: center;
justify-content: center; justify-content: center;
height: 15vh; height: 15vh;
box-shadow: 5px 5px 10px rgb(0,0,0,0.3); box-shadow: 5px 5px 10px rgb(0, 0, 0, 0.3);
} }
h1 { h1 {
letter-spacing: 1.5vw; letter-spacing: 1.5vw;
text-transform: uppercase; text-transform: uppercase;
text-align: center; text-align: center;
} }
main { main {
display: flex; display: flex;
align-items: center; align-items: center;
justify-content: center; justify-content: center;
height: 75vh; height: 75vh;
width: 100%; width: 100%;
background: url(https://upload.wikimedia.org/wikipedia/commons/thumb/0/0b/Mountains-1412683.svg/1280px-Mountains-1412683.svg.png) no-repeat center center; background: url(https://upload.wikimedia.org/wikipedia/commons/thumb/0/0b/Mountains-1412683.svg/1280px-Mountains-1412683.svg.png)
background-size: cover; no-repeat center center;
background-size: cover;
} }
.info_div { .info_div {
text-align: center; text-align: center;
margin-top: 20px; margin-top: 20px;
} }
.info_div { .info_div {
letter-spacing: 1px; letter-spacing: 1px;
} }
footer { footer {
height: 10vh; height: 10vh;
background-color: black; background-color: black;
color: white; color: white;
display: flex; display: flex;
align-items: center; align-items: center;
justify-content: center; justify-content: center;
box-shadow: -5px -5px 10px rgb(0,0,0,0.3); box-shadow: -5px -5px 10px rgb(0, 0, 0, 0.3);
} }

99
css/posts.css
View File

@ -1,108 +1,111 @@
#posts > div > p > span:first-child { #posts > div > p > span:first-child {
color: #BFE7D4; color: #bfe7d4;
} }
.status { .status {
color: var(--text-color); color: var(--text-color);
} }
.self { .self {
color: var(--text-color); color: var(--text-color);
} }
#username-self { #username-self {
color: #036D19; color: #036d19;
} }
.specialtext { .specialtext {
color: yellow; color: yellow;
} }
.crossout { .crossout {
text-decoration: line-through; text-decoration: line-through;
} }
.greentext { .greentext {
color: var(--green); color: var(--green);
} }
#posts > div { #posts > div {
background-color: var(--fg-color); background-color: var(--fg-color);
padding-left: 5px; padding-left: 5px;
padding-bottom: 2px; padding-bottom: 2px;
} }
.avatar { .avatar {
margin-right: 5px; margin-right: 5px;
margin-top: 10px; margin-top: 10px;
margin-left: 5px; margin-left: 5px;
} }
.mention { .mention {
color: blue; color: blue;
} }
.user-mention { .user-mention {
color: #036D19; color: #036d19;
} }
.everyone-mention { .everyone-mention {
color: aqua; color: aqua;
} }
body { body {
background-color: var(--bg-color); background-color: var(--bg-color);
} }
textarea { textarea {
background-color: var(--bg-color); background-color: var(--bg-color);
} }
button { button {
background-color: var(--blue-ish); background-color: var(--blue-ish);
} }
.post,.self,.status { .post,
padding: 1%; .self,
color: var(--text-color); .status {
width: 50%; padding: 1%;
margin-left: 25%; color: var(--text-color);
margin-right: 25%; width: 50%;
margin-top: 10px; margin-left: 25%;
margin-bottom: 10px; margin-right: 25%;
border-radius: 10px; margin-top: 10px;
overflow-wrap: break-word; margin-bottom: 10px;
overflow: hidden; border-radius: 10px;
overflow-wrap: break-word;
overflow: hidden;
} }
.ovfl-bw { .ovfl-bw {
overflow-wrap: break-word; overflow-wrap: break-word;
overflow: hidden; overflow: hidden;
background-color: var(--bg-color); background-color: var(--bg-color);
padding: 1%; padding: 1%;
} }
#post-text, button { #post-text,
color: var(--text-color); button {
border-radius: 5px; color: var(--text-color);
resize: none; border-radius: 5px;
overflow-wrap: break-word; resize: none;
overflow: hidden; overflow-wrap: break-word;
overflow: hidden;
} }
.channelTab { .channelTab {
color: var(--text-color); color: var(--text-color);
background-color: var(--fg-color); background-color: var(--fg-color);
text-align: center; text-align: center;
float: left; float: left;
margin-left: 20px; margin-left: 20px;
margin-right: 20px; margin-right: 20px;
} }
.channel { .channel {
padding: 10px; padding: 10px;
} }
#scriptonly { #scriptonly {
margin: auto; margin: auto;
} }

2
css/search.css
View File

@ -4,5 +4,5 @@ body {
} }
.form_div { .form_div {
text-align: center; text-align: center;
} }

37
css/style.css
View File

@ -5,7 +5,7 @@ body {
} }
h1 { h1 {
color: white; color: white;
} }
button { button {
@ -13,29 +13,30 @@ button {
margin: 10px; margin: 10px;
} }
::placeholder{ ::placeholder {
color: white; color: white;
} }
#bio { #bio {
color:black; color: black;
font-size: 20px; font-size: 20px;
background-color: black; background-color: black;
border: 0px solid black; border: 0px solid black;
border-radius: 7px; border-radius: 7px;
} }
.bio { .bio {
color:black; color: black;
font-size: 20px; font-size: 20px;
} }
main { main {
display: flex; display: flex;
/* align-items: center; */ /* align-items: center; */
justify-content: center; justify-content: center;
height: 75vh; height: 75vh;
width: 100%; width: 100%;
background: url(https://upload.wikimedia.org/wikipedia/commons/thumb/0/0b/Mountains-1412683.svg/1280px-Mountains-1412683.svg.png) no-repeat center center; background: url(https://upload.wikimedia.org/wikipedia/commons/thumb/0/0b/Mountains-1412683.svg/1280px-Mountains-1412683.svg.png)
background-size: cover; no-repeat center center;
background-size: cover;
} }

62
docker-compose.yml
View File

@ -1,35 +1,35 @@
services: services:
app: app:
build: . build: .
ports: ports:
- "23080:80" - '23080:80'
environment: environment:
- MYSQL_HOST=db - MYSQL_HOST=db
- MYSQL_USER=ipost - MYSQL_USER=ipost
- MYSQL_PASSWORD=ipost_password - MYSQL_PASSWORD=ipost_password
- MYSQL_DATABASE=ipost - MYSQL_DATABASE=ipost
depends_on: depends_on:
- db - db
volumes: volumes:
- ./logs:/app/logs - ./logs:/app/logs
- ./server_config.json:/app/server_config.json - ./server_config.json:/app/server_config.json
- ./cookiesecret.txt:/app/cookiesecret.txt - ./cookiesecret.txt:/app/cookiesecret.txt
- ./mysql_password.txt:/app/mysql_password.txt - ./mysql_password.txt:/app/mysql_password.txt
restart: unless-stopped restart: unless-stopped
db: db:
image: mysql:8.0 image: mysql:8.0
environment: environment:
- MYSQL_ROOT_PASSWORD=root_password - MYSQL_ROOT_PASSWORD=root_password
- MYSQL_DATABASE=ipost - MYSQL_DATABASE=ipost
- MYSQL_USER=ipost - MYSQL_USER=ipost
- MYSQL_PASSWORD=ipost_password - MYSQL_PASSWORD=ipost_password
volumes: volumes:
- mysql_data:/var/lib/mysql - mysql_data:/var/lib/mysql
- ./createSchema.sql:/docker-entrypoint-initdb.d/createSchema.sql - ./createSchema.sql:/docker-entrypoint-initdb.d/createSchema.sql
ports: ports:
- "3306:3306" - '3306:3306'
restart: unless-stopped restart: unless-stopped
volumes: volumes:
mysql_data: mysql_data:

35
extra_modules/SHA.js
View File

@ -1,12 +1,9 @@
import crypto from "crypto"; import crypto from 'crypto'
let SHA256_cache = {} let SHA256_cache = {}
function _SHA256(str) { function _SHA256(str) {
return crypto return crypto.createHash('sha256').update(str).digest('base64')
.createHash("sha256")
.update(str)
.digest("base64");
} }
/** /**
@ -17,25 +14,23 @@ function _SHA256(str) {
* @returns {string} base64 digested hash * @returns {string} base64 digested hash
*/ */
function SHA256(str, salt, num) { function SHA256(str, salt, num) {
if (!num && num !== 0) if (!num && num !== 0) num = 1
num = 1; if (!str) return
if (!str) let identifier = _SHA256(str + salt + num.toString())
return; if (SHA256_cache[identifier] != undefined) {
let identifier = _SHA256(str+salt+num.toString()) return SHA256_cache[identifier]
if(SHA256_cache[identifier] != undefined) {
return SHA256_cache[identifier];
} }
let ret = str; let ret = str
for (let i = 0; i < num; i++) { for (let i = 0; i < num; i++) {
ret = _SHA256(ret + salt) ret = _SHA256(ret + salt)
} }
SHA256_cache[identifier] = ret; SHA256_cache[identifier] = ret
setTimeout(()=>{ setTimeout(() => {
SHA256_cache[identifier] = undefined SHA256_cache[identifier] = undefined
},10000) //cache for 10s }, 10000) //cache for 10s
return ret; return ret
} }
export { SHA256 }; export { SHA256 }
export default { export default {
SHA256: SHA256 SHA256: SHA256,
}; }

26
extra_modules/ensureExists.js
View File

@ -1,4 +1,4 @@
import {mkdir} from "fs" import { mkdir } from 'fs'
/** /**
* makes sure that a given folder exists, if it doesn't it creates one for you * makes sure that a given folder exists, if it doesn't it creates one for you
@ -7,23 +7,19 @@ import {mkdir} from "fs"
* @param {Function} cb callback, gives null if the folder exists, otherwise gives the error * @param {Function} cb callback, gives null if the folder exists, otherwise gives the error
* @return {undefined} see: callback * @return {undefined} see: callback
*/ */
function ensureExists(path, mask, cb) { function ensureExists(path, mask, cb) {
if (typeof mask === 'function') { // Allow the `mask` parameter to be optional if (typeof mask === 'function') {
cb = mask; // Allow the `mask` parameter to be optional
mask = 0o744; cb = mask
mask = 0o744
} }
mkdir(path, mask, function (err) { mkdir(path, mask, function (err) {
if (err) { if (err) {
if (err.code === 'EEXIST') if (err.code === 'EEXIST')
cb(null); // Ignore the error if the folder already exists cb(null) // Ignore the error if the folder already exists
else else cb(err) // Something else went wrong
cb(err); // Something else went wrong } else cb(null) // Successfully created folder
} })
else
cb(null); // Successfully created folder
});
} }
export { export { ensureExists }
ensureExists
} ;

17
extra_modules/getip.js
View File

@ -1,14 +1,17 @@
import fs from "fs"; import fs from 'fs'
const config = JSON.parse(fs.readFileSync("server_config.json")); const config = JSON.parse(fs.readFileSync('server_config.json'))
/** /**
* gets ip of a request * gets ip of a request
* @param {request} req * @param {request} req
* @returns ip of the given request, after taking preferred headers into account * @returns ip of the given request, after taking preferred headers into account
*/ */
function getIP(req) { function getIP(req) {
let ip = req.socket.remoteAddress; let ip = req.socket.remoteAddress
if (req.headers[config.preferred_ip_header] !== undefined && ip === config.only_prefer_when_ip) if (
ip = req.headers[config.preferred_ip_header]; req.headers[config.preferred_ip_header] !== undefined &&
return ip; ip === config.only_prefer_when_ip
)
ip = req.headers[config.preferred_ip_header]
return ip
} }
export default getIP; export default getIP

18
extra_modules/navbar.html
View File

@ -1,7 +1,15 @@
<ul class="navbar noselect"> <ul class="navbar noselect">
<li><a href="/">Home</a></li> <li><a href="/">Home</a></li>
<li><a href="/user" id="hide_user">Profile</a></li> <li><a href="/user" id="hide_user">Profile</a></li>
<li><a href="/posts" id="hide_posts">Posts</a></li> <li><a href="/posts" id="hide_posts">Posts</a></li>
<li><a href="/dms" id="hide_dms">DMs</a></li> <li><a href="/dms" id="hide_dms">DMs</a></li>
<li class="right"><a href="/settings" id="hide_settings" class="less_padding"><img src="/images/settings_min.png" width=30 height=30 alt="settings"></a></li> <li class="right">
<a href="/settings" id="hide_settings" class="less_padding"
><img
src="/images/settings_min.png"
width="30"
height="30"
alt="settings"
/></a>
</li>
</ul> </ul>

47
extra_modules/unsign.js
View File

@ -1,7 +1,7 @@
import * as signature from "cookie-signature"; import * as signature from 'cookie-signature'
import fs from "fs"; import fs from 'fs'
import getIP from "./getip.js"; import getIP from './getip.js'
const cookiesecret = fs.readFileSync("cookiesecret.txt").toString(); const cookiesecret = fs.readFileSync('cookiesecret.txt').toString()
/** /**
* usignes a string * usignes a string
* @param {string} text text to unsign * @param {string} text text to unsign
@ -10,14 +10,14 @@ const cookiesecret = fs.readFileSync("cookiesecret.txt").toString();
* @return {string/boolean} unsigned text, or if unsigning was unsuccessful, false * @return {string/boolean} unsigned text, or if unsigning was unsuccessful, false
*/ */
function unsign(text, req, res) { function unsign(text, req, res) {
let ip = getIP(req); let ip = getIP(req)
let unsigned = signature.unsign(text, cookiesecret + ip); let unsigned = signature.unsign(text, cookiesecret + ip)
if (!unsigned) { if (!unsigned) {
unsigned = signature.unsign(text, cookiesecret); //unsafe login? unsigned = signature.unsign(text, cookiesecret) //unsafe login?
if(!unsigned)return false; if (!unsigned) return false
return unsigned return unsigned
} }
return unsigned; return unsigned
} }
/** /**
* unsignes the auth cookie of a request, also sends json response if auth cookie was invalid * unsignes the auth cookie of a request, also sends json response if auth cookie was invalid
@ -26,26 +26,25 @@ function unsign(text, req, res) {
* @return {string/boolean} unsigned cookie, or if unsigning was unsuccessful, false * @return {string/boolean} unsigned cookie, or if unsigning was unsuccessful, false
*/ */
function getunsigned(req, res) { function getunsigned(req, res) {
let cookie = req.cookies.AUTH_COOKIE; let cookie = req.cookies.AUTH_COOKIE
if (!cookie) { if (!cookie) {
res.status(403); res.status(403)
res.json({ "error": "you are not logged in! (no cookie)" }); res.json({ error: 'you are not logged in! (no cookie)' })
return; return
} }
let unsigned = unsign(cookie, req, res); let unsigned = unsign(cookie, req, res)
if (!unsigned) { if (!unsigned) {
try { try {
res.status(401); res.status(401)
res.json({ "error": "Bad auth cookie set" }); res.json({ error: 'Bad auth cookie set' })
} } catch (ignored) {} //sometimes it errors, gotta debug soon
catch (ignored) { } //sometimes it errors, gotta debug soon return false
return false;
} }
return decodeURIComponent(unsigned); return decodeURIComponent(unsigned)
} }
export { unsign }; export { unsign }
export { getunsigned }; export { getunsigned }
export default { export default {
unsign: unsign, unsign: unsign,
getunsigned: getunsigned getunsigned: getunsigned,
}; }

25
extra_modules/xor.js
View File

@ -1,19 +1,24 @@
function XOR_hex(a, b) { function XOR_hex(a, b) {
var res = "", i = a.length, j = b.length; var res = '',
i = a.length,
j = b.length
while (i-- > 0 && j-- > 0) while (i-- > 0 && j-- > 0)
res = (parseInt(a.charAt(i), 16) ^ parseInt(b.charAt(j), 16)).toString(16) + res; res =
return res; (parseInt(a.charAt(i), 16) ^ parseInt(b.charAt(j), 16)).toString(
16
) + res
return res
} }
function hexEncode(a) { function hexEncode(a) {
let hex; let hex
let result = ""; let result = ''
for (let i = 0; i < a.length; i++) { for (let i = 0; i < a.length; i++) {
hex = a.charCodeAt(i).toString(16); hex = a.charCodeAt(i).toString(16)
result += ("000" + hex).slice(-4); result += ('000' + hex).slice(-4)
} }
return result; return result
} }
function xor(a, b) { function xor(a, b) {
return XOR_hex(hexEncode(a), hexEncode(b)).toString("hex"); return XOR_hex(hexEncode(a), hexEncode(b)).toString('hex')
} }
export default xor; export default xor

4
js/addnavbar.js
View File

@ -9,7 +9,7 @@ const navbar = `<ul class="navbar noselect">
//<li><a href="/search" id="hide_search">Search</a></li> //<li><a href="/search" id="hide_search">Search</a></li>
function addnavbar() { function addnavbar() {
document.body.innerHTML = navbar + document.body.innerHTML document.body.innerHTML = navbar + document.body.innerHTML
} }
document.addEventListener("DOMContentLoaded", addnavbar) document.addEventListener('DOMContentLoaded', addnavbar)

39
js/changePW.js
View File

@ -1,22 +1,31 @@
async function setUser() { async function setUser() {
let user = await (await fetch("/api/getuser")).json() let user = await (await fetch('/api/getuser')).json()
//user["username"],user["error"] //user["username"],user["error"]
if(user["username"])document.getElementById("username").innerText = `Current User: ${user["username"]}` if (user['username'])
if(user["error"])document.getElementById("username").innerText = `Error: ${user["error"]}` document.getElementById('username').innerText =
`Current User: ${user['username']}`
if (user['error'])
document.getElementById('username').innerText =
`Error: ${user['error']}`
} }
setUser() setUser()
async function changePW(){ async function changePW() {
if(window.confirm("Are you sure that you want to change your Password?")){ if (window.confirm('Are you sure that you want to change your Password?')) {
let re = await (await post("/api/changePW",{"currentPW":document.getElementById("currentPW").value,"newPW":document.getElementById("newPW").value})).json() let re = await (
document.getElementById("response").innerText = re["error"] || re["success"] await post('/api/changePW', {
document.getElementById("response").style="color:green" currentPW: document.getElementById('currentPW').value,
if(re["error"]) { newPW: document.getElementById('newPW').value,
document.getElementById("response").style="color:red" })
).json()
document.getElementById('response').innerText =
re['error'] || re['success']
document.getElementById('response').style = 'color:green'
if (re['error']) {
document.getElementById('response').style = 'color:red'
}
document.getElementById('currentPW').value = ''
document.getElementById('newPW').value = ''
} }
document.getElementById("currentPW").value = ""
document.getElementById("newPW").value = ""
}
} }

45
js/changeUsername.js
View File

@ -1,25 +1,36 @@
async function setUser() { async function setUser() {
let user = await (await fetch("/api/getuser")).json() let user = await (await fetch('/api/getuser')).json()
//user["username"],user["error"] //user["username"],user["error"]
if(user["username"])document.getElementById("username").innerText = `Current User: ${user["username"]}` if (user['username'])
if(user["error"])document.getElementById("username").innerText = `Error: ${user["error"]}` document.getElementById('username').innerText =
`Current User: ${user['username']}`
if (user['error'])
document.getElementById('username').innerText =
`Error: ${user['error']}`
} }
setUser() setUser()
async function change(){ async function change() {
if(window.confirm("Are you sure that you want to change your Username?")){ if (window.confirm('Are you sure that you want to change your Username?')) {
let re = await (await post("/api/changeUsername",{"currentPW":document.getElementById("currentPW").value.toString(),"newUsername":document.getElementById("newUsername").value})).json() let re = await (
document.getElementById("response").innerText = re["error"] || re["success"] await post('/api/changeUsername', {
document.getElementById("response").style="color:green" currentPW: document
if(re["error"]) { .getElementById('currentPW')
document.getElementById("response").style="color:red" .value.toString(),
newUsername: document.getElementById('newUsername').value,
})
).json()
document.getElementById('response').innerText =
re['error'] || re['success']
document.getElementById('response').style = 'color:green'
if (re['error']) {
document.getElementById('response').style = 'color:red'
}
document.getElementById('currentPW').value = ''
document.getElementById('newUsername').value = ''
setUser()
} }
document.getElementById("currentPW").value = ""
document.getElementById("newUsername").value = ""
setUser()
}
} }
document.getElementById("submit").addEventListener("click",change) document.getElementById('submit').addEventListener('click', change)

811
js/dms.js
View File

@ -1,8 +1,8 @@
let username let username
const wss_server = "wss://ipost.rocks" const wss_server = 'wss://ipost.rocks'
const wss_port = "443" const wss_port = '443'
const wss_URI = wss_server + ":" + wss_port const wss_URI = wss_server + ':' + wss_port
var reply_id = 0 var reply_id = 0
@ -10,51 +10,51 @@ var highest_id
var currentChannel var currentChannel
let socket = new WebSocket(wss_URI); let socket = new WebSocket(wss_URI)
socket.addEventListener("message", async function (_event) { socket.addEventListener('message', async function (_event) {
console.info("TODO: add websocket support to dms") console.info('TODO: add websocket support to dms')
// return // return
// if(wss_server === event.origin) { // if(wss_server === event.origin) {
// let data = event.data; // let data = event.data;
// let ds = JSON.parse(data) // let ds = JSON.parse(data)
// let message = ds.message // let message = ds.message
// let item = ds.data // let item = ds.data
// let username = decodeURIComponent(item.post_user_name) // let username = decodeURIComponent(item.post_user_name)
// if(message === "new_post") { // if(message === "new_post") {
// await createPost(decodeURIComponent(item.post_user_name),decodeURIComponent(item.post_text),item.post_time,item.post_special_text,highest_id+1,item.post_from_bot,item.post_reply_id,true) // await createPost(decodeURIComponent(item.post_user_name),decodeURIComponent(item.post_text),item.post_time,item.post_special_text,highest_id+1,item.post_from_bot,item.post_reply_id,true)
// if(user["username"]!==username)mainNoti(username) // if(user["username"]!==username)mainNoti(username)
// let highest_known_posts = await (await fetch(`/api/getPostsLowerThan?id=${highest_id+28}&channel=${currentChannel}`)).json() // let highest_known_posts = await (await fetch(`/api/getPostsLowerThan?id=${highest_id+28}&channel=${currentChannel}`)).json()
// for (let i = 0; i < highest_known_posts.length; i++) { // for (let i = 0; i < highest_known_posts.length; i++) {
// if(document.getElementById(highest_known_posts[i].post_id) === undefined) { // if(document.getElementById(highest_known_posts[i].post_id) === undefined) {
// main() // main()
// return; // return;
// } // }
// } // }
// highest_id++; // highest_id++;
// } // }
// } // }
}) })
var cd = true //inversed "cooldown" var cd = true //inversed "cooldown"
let encryption_keys = "" let encryption_keys = ''
function set_keys(s_key) { function set_keys(s_key) {
let key = extend(s_key,512) let key = extend(s_key, 512)
let msgkey = key.substring(0,128) let msgkey = key.substring(0, 128)
let sigkey = key.substring(129,512) let sigkey = key.substring(129, 512)
let packed = pack_keys({ let packed = pack_keys({
signkey: sigkey, signkey: sigkey,
messagekey: msgkey messagekey: msgkey,
}) })
localStorage.setItem(currentChannel+"enc_key",packed) localStorage.setItem(currentChannel + 'enc_key', packed)
encryption_keys = packed encryption_keys = packed
main() main()
} }
let last_called_postMsg = Date.now() let last_called_postMsg = Date.now()
@ -63,424 +63,487 @@ let last_called_postMsg = Date.now()
previously called postMessage previously called postMessage
*/ */
async function postMsg() { async function postMsg() {
if((Date.now() - last_called_postMsg) < 100) { if (Date.now() - last_called_postMsg < 100) {
createModal("slow down there") createModal('slow down there')
debugger; debugger
return; return
}
last_called_postMsg = Date.now()
let len = document.getElementById("post-text").value.length
if(len >= 1001) {
alert(`Your message cant contain more than 1000 characters! (${len})`)
return
}
if(cd && posting_id!==undefined) {
cd = false
let text = document.getElementById("post-text").value
if(typeof encrypt === "function" && encryption_keys !== "") {
text = encrypt(text,{
packed: encryption_keys
})
} }
last_called_postMsg = Date.now()
let len = document.getElementById('post-text').value.length
if (len >= 1001) {
alert(`Your message cant contain more than 1000 characters! (${len})`)
return
}
if (cd && posting_id !== undefined) {
cd = false
let r = await post("/api/dms/post",{"message":text,"reply_id":reply_id,"receiver":currentChannel,"pid": posting_id}) let text = document.getElementById('post-text').value
update_pid()
if(window.location.href.split("?mention=")[1])location.replace('/posts'); if (typeof encrypt === 'function' && encryption_keys !== '') {
document.getElementById("post-text").value="" text = encrypt(text, {
unreply() packed: encryption_keys,
setTimeout(function(){ })
cd = true }
},200)
} else { let r = await post('/api/dms/post', {
alert("Please wait a tiny bit before posting again") message: text,
} reply_id: reply_id,
receiver: currentChannel,
pid: posting_id,
})
update_pid()
if (window.location.href.split('?mention=')[1])
location.replace('/posts')
document.getElementById('post-text').value = ''
unreply()
setTimeout(function () {
cd = true
}, 200)
} else {
alert('Please wait a tiny bit before posting again')
}
} }
async function update_pid() { async function update_pid() {
let r = await (await fetch("/api/dms/pid")).json() let r = await (await fetch('/api/dms/pid')).json()
console.log("new pid info: ",r) console.log('new pid info: ', r)
if(r.error) { if (r.error) {
//an error occurred //an error occurred
if(r.error === "you cannot access the api without being logged in") { if (r.error === 'you cannot access the api without being logged in') {
//account error, go to login page //account error, go to login page
location.replace("/") location.replace('/')
return return
}
//possibly more errors coming soon :tm: ?
return
} }
posting_id = r.pid
//possibly more errors coming soon :tm: ? console.log('Updated pid', posting_id)
return
}
posting_id = r.pid
console.log("Updated pid",posting_id)
} }
function spacerTextNode() { function spacerTextNode() {
return document.createTextNode(" | ") return document.createTextNode(' | ')
} }
const user_cache = {} const user_cache = {}
async function getavatar(username) { async function getavatar(username) {
let user = user_cache[username] let user = user_cache[username]
if(user === undefined) { if (user === undefined) {
user = (await (await fetch("/api/getotheruser?user="+encodeURIComponent(username))).json())["avatar"] user = (
if(user) { await (
user = "/avatars/"+user await fetch(
'/api/getotheruser?user=' + encodeURIComponent(username)
)
).json()
)['avatar']
if (user) {
user = '/avatars/' + user
} else {
user = '/images/default_avatar.png'
}
user_cache[username] = user
}
return user
}
async function reply_link_clicked(reply_channel, reply_id) {
console.log('clicked link')
if (reply_channel !== currentChannel) {
console.log('reply is in another channel')
switchChannel(reply_channel)
console.log('switched channel')
await main()
console.log('loaded new messages')
let replied_msg = document.getElementById(reply_id)
if (replied_msg) {
console.log('found element')
replied_msg.scrollIntoView()
}
} else { } else {
user = "/images/default_avatar.png" let replied_msg = document.getElementById(reply_id)
if (replied_msg) {
console.log('found element')
replied_msg.scrollIntoView()
}
} }
user_cache[username]=user
}
return user
} }
async function reply_link_clicked(reply_channel,reply_id) { async function createPost(
console.log("clicked link") username,
if(reply_channel !== currentChannel) { text,
console.log("reply is in another channel") time,
switchChannel(reply_channel) specialtext,
console.log("switched channel") postid,
await main() isbot,
console.log("loaded new messages") reply_id,
let replied_msg = document.getElementById(reply_id) add_on_top
if(replied_msg) { ) {
console.log("found element") if (!specialtext) specialtext = ''
replied_msg.scrollIntoView() const newDiv = document.createElement('div')
} const newP = document.createElement('p')
} else { const newA = document.createElement('a')
let replied_msg = document.getElementById(reply_id) const newSpan2 = document.createElement('span')
if(replied_msg) { const newSpan3 = document.createElement('span')
console.log("found element") const avatar = document.createElement('img')
replied_msg.scrollIntoView() const boticon = document.createElement('img')
}
}
}
async function createPost(username,text,time,specialtext,postid,isbot,reply_id,add_on_top) { const replyDiv = document.createElement('div')
if(!specialtext)specialtext="" const replyA = document.createElement('a')
const newDiv = document.createElement("div"); const replyAvatar = document.createElement('img')
const newP = document.createElement("p"); const replySpan = document.createElement('span')
const newA = document.createElement("a"); const replyBr = document.createElement('br')
const newSpan2 = document.createElement("span");
const newSpan3 = document.createElement("span");
const avatar = document.createElement("img");
const boticon = document.createElement("img");
const replyDiv = document.createElement("div"); boticon.src = '/images/bot.png'
const replyA = document.createElement("a"); boticon.height = 25
const replyAvatar = document.createElement("img"); boticon.width = 25
const replySpan = document.createElement("span"); boticon.classList.add('boticon')
const replyBr = document.createElement("br");
boticon.src = "/images/bot.png" const newUsername = document.createTextNode(username)
boticon.height = 25 let timedate = new Date(time)
boticon.width = 25 time = timedate
boticon.classList.add("boticon") time = time.toString()
time = time.split(' ')
time =
time[0] + ' ' + time[1] + ' ' + time[2] + ' ' + time[3] + ' ' + time[4]
if (
timedate ===
'Thu Jan 01 1970 01:00:00 GMT+0100 (Central European Standard Time)'
)
time = 'unknown time'
const newTime = document.createTextNode(time)
const newSpecialText = document.createTextNode(specialtext)
newDiv.classList.add('post')
newSpan3.classList.add('specialtext')
const newUsername = document.createTextNode(username); avatar.width = 25
let timedate = new Date(time) avatar.height = 25
time = timedate avatar.classList.add('avatar')
time = time.toString()
time = time.split(" ")
time = time[0] + " " + time[1] + " " + time[2] + " " + time[3] + " " + time[4]
if(timedate==="Thu Jan 01 1970 01:00:00 GMT+0100 (Central European Standard Time)")time="unknown time"
const newTime = document.createTextNode(time)
const newSpecialText = document.createTextNode(specialtext)
newDiv.classList.add("post");
newSpan3.classList.add("specialtext")
avatar.src = await getavatar(username)
avatar.width=25; newA.appendChild(avatar)
avatar.height=25; newA.appendChild(newUsername)
avatar.classList.add("avatar")
avatar.src = await getavatar(username) newA.href = `/users/${username}`
newSpan2.appendChild(newTime)
newSpan3.appendChild(newSpecialText)
newA.appendChild(avatar) newP.appendChild(newA)
newA.appendChild(newUsername)
newA.href = `/users/${username}`
newSpan2.appendChild(newTime)
newSpan3.appendChild(newSpecialText)
newP.appendChild(newA)
newP.appendChild(spacerTextNode())
newP.appendChild(newSpan2)
if(specialtext !== "")newP.appendChild(spacerTextNode())
newP.appendChild(newSpan3)
if(isbot===1){
newP.appendChild(spacerTextNode()) newP.appendChild(spacerTextNode())
newP.appendChild(boticon) newP.appendChild(newSpan2)
} if (specialtext !== '') newP.appendChild(spacerTextNode())
newP.appendChild(spacerTextNode()) newP.appendChild(newSpan3)
// |\>.</| if (isbot === 1) {
newP.innerHTML += `<button onclick="reply(${postid})">Reply to this Post</button>` newP.appendChild(spacerTextNode())
newP.appendChild(boticon)
if(reply_id !== 0) {
try {
const reply_obj = await (await fetch(`/api/dms/getDM?id=${reply_id}`)).json()
const reply_username = decodeURIComponent(reply_obj.dms_user_name)
const reply_username_text = document.createTextNode(reply_username)
let reply_text = decodeURIComponent(reply_obj.dms_text)
const reply_channel = reply_obj.dms_receiver
replyAvatar.width=10;
replyAvatar.height=10;
replyAvatar.classList.add("avatar")
replyAvatar.src = await getavatar(reply_username)
replyA.appendChild(replyAvatar)
replyA.appendChild(reply_username_text)
replyA.appendChild(spacerTextNode())
if(typeof decrypt === "function" && encryption_keys !== "") {
reply_text = decrypt(reply_text,{packed:encryption_keys}).msg
}
replyA.innerHTML += filterReply(reply_text.replace("\n"," ").substring(0,20))
replyA.appendChild(replyBr)
replyA.classList.add("no-link-style")
// async function onclick(event) {
// event.preventDefault()
// }
// replyDiv.onclick = function() {
// reply_link_clicked(reply_channel, reply_id)
// }
replyDiv.appendChild(replyA)
newDiv.appendChild(replyDiv)
replyDiv.outerHTML = replyDiv.outerHTML.replace(/\>/im,` onclick="reply_link_clicked('${reply_channel}',${reply_id})" \>`)
} catch (ignored) {
console.log(ignored)
} }
} newP.appendChild(spacerTextNode())
// |\>.</|
newP.innerHTML += `<button onclick="reply(${postid})">Reply to this Post</button>`
if(typeof decrypt === "function" && encryption_keys !== "") { if (reply_id !== 0) {
text = decrypt(text,{packed:encryption_keys}).msg try {
} const reply_obj = await (
newDiv.appendChild(newP) await fetch(`/api/dms/getDM?id=${reply_id}`)
newDiv.innerHTML += filterPost(text) ).json()
newDiv.id = postid const reply_username = decodeURIComponent(reply_obj.dms_user_name)
let posts_div = document.getElementById("posts") const reply_username_text = document.createTextNode(reply_username)
if(add_on_top) { let reply_text = decodeURIComponent(reply_obj.dms_text)
posts_div.insertBefore(newDiv, posts_div.children[0]); const reply_channel = reply_obj.dms_receiver
} else { replyAvatar.width = 10
posts_div.appendChild(newDiv) replyAvatar.height = 10
} replyAvatar.classList.add('avatar')
replyAvatar.src = await getavatar(reply_username)
replyA.appendChild(replyAvatar)
replyA.appendChild(reply_username_text)
replyA.appendChild(spacerTextNode())
if (typeof decrypt === 'function' && encryption_keys !== '') {
reply_text = decrypt(reply_text, {
packed: encryption_keys,
}).msg
}
replyA.innerHTML += filterReply(
reply_text.replace('\n', ' ').substring(0, 20)
)
replyA.appendChild(replyBr)
replyA.classList.add('no-link-style')
// async function onclick(event) {
// event.preventDefault()
// }
// replyDiv.onclick = function() {
// reply_link_clicked(reply_channel, reply_id)
// }
replyDiv.appendChild(replyA)
newDiv.appendChild(replyDiv)
replyDiv.outerHTML = replyDiv.outerHTML.replace(
/\>/im,
` onclick="reply_link_clicked('${reply_channel}',${reply_id})" \>`
)
} catch (ignored) {
console.log(ignored)
}
}
if (typeof decrypt === 'function' && encryption_keys !== '') {
text = decrypt(text, { packed: encryption_keys }).msg
}
newDiv.appendChild(newP)
newDiv.innerHTML += filterPost(text)
newDiv.id = postid
let posts_div = document.getElementById('posts')
if (add_on_top) {
posts_div.insertBefore(newDiv, posts_div.children[0])
} else {
posts_div.appendChild(newDiv)
}
} }
async function main(){ async function main() {
if(!user){ if (!user) {
user = await (await fetch("/api/getuser")).json() user = await (await fetch('/api/getuser')).json()
username = user.username
if (!username) {
user = undefined
document.getElementById('noaccount').style = ''
document.getElementById('loading').style = 'display:none;'
console.log('no account')
return
}
}
username = user.username username = user.username
if(!username){ document.getElementById('username-self').innerText = username
user = undefined
document.getElementById("noaccount").style="" let all_posts = await (
document.getElementById("loading").style="display:none;" await fetch(`/api/getPersonalPosts?otherperson=${currentChannel}`)
console.log("no account"); ).json()
return; if (!all_posts) {
document.getElementById('loading').style = 'display:none;'
document.getElementById('scriptonly').style = ''
} }
} document.getElementById('posts').innerHTML = ''
username = user.username if (all_posts.length <= 0) {
document.getElementById("username-self").innerText = username document.getElementById('loading').style = 'display:none;'
document.getElementById('scriptonly').style = ''
let all_posts = await (await fetch(`/api/getPersonalPosts?otherperson=${currentChannel}`)).json() //TODO: empty page
if(!all_posts){ return
document.getElementById("loading").style="display:none;" }
document.getElementById("scriptonly").style = "" highest_id = all_posts[0].post_id
}; for (i in all_posts) {
document.getElementById("posts").innerHTML = "" let item = all_posts[i]
if(all_posts.length <= 0) { await createPost(
document.getElementById("loading").style="display:none;" decodeURIComponent(item.dms_user_name),
document.getElementById("scriptonly").style = "" decodeURIComponent(item.dms_text),
//TODO: empty page item.dms_time,
return item.dms_special_text,
} item.dms_id,
highest_id = all_posts[0].post_id item.dms_from_bot,
for(i in all_posts) { item.dms_reply_id,
let item = all_posts[i] false
await createPost(decodeURIComponent(item.dms_user_name),decodeURIComponent(item.dms_text),item.dms_time,item.dms_special_text,item.dms_id,item.dms_from_bot,item.dms_reply_id,false) )
}
let links = document.getElementsByClassName("insertedlink")
for (let i = 0; i < links.length; i++) {
links[i].innerText = links[i].innerText.split("\/\/")[1].split("\/")[0]
}
let mentions = document.getElementsByClassName("mention")
for (let i = 0; i < mentions.length; i++) {
if(mentions[i]!==undefined && mentions[i].innerText === "@"+username) {
mentions[i].classList.add("user-mention");
mentions[i].classList.remove("mention");
i--;
} }
}
document.getElementById("loading").style="display:none;" let links = document.getElementsByClassName('insertedlink')
document.getElementById("scriptonly").style = "" for (let i = 0; i < links.length; i++) {
links[i].innerText = links[i].innerText.split('\/\/')[1].split('\/')[0]
}
let mentions = document.getElementsByClassName('mention')
for (let i = 0; i < mentions.length; i++) {
if (
mentions[i] !== undefined &&
mentions[i].innerText === '@' + username
) {
mentions[i].classList.add('user-mention')
mentions[i].classList.remove('mention')
i--
}
}
document.getElementById('loading').style = 'display:none;'
document.getElementById('scriptonly').style = ''
} }
async function reply(postid) { async function reply(postid) {
let post = await(await fetch("/api/dms/getDM?id="+postid)).json() let post = await (await fetch('/api/dms/getDM?id=' + postid)).json()
let username = post.dms_user_name let username = post.dms_user_name
let posttext = post.dms_text let posttext = post.dms_text
document.getElementById("reply").style = "" document.getElementById('reply').style = ''
document.getElementById("reply_username").innerText = decodeURIComponent(username) document.getElementById('reply_username').innerText =
decodeURIComponent(username)
posttext = decodeURIComponent(posttext) posttext = decodeURIComponent(posttext)
if(typeof decrypt === "function" && encryption_keys !== "") { if (typeof decrypt === 'function' && encryption_keys !== '') {
posttext = decrypt(posttext,{packed:encryption_keys}).msg posttext = decrypt(posttext, { packed: encryption_keys }).msg
} }
document.getElementById("reply_text").innerHTML = filterPost(posttext) document.getElementById('reply_text').innerHTML = filterPost(posttext)
reply_id = postid reply_id = postid
} }
function unreply() { function unreply() {
document.getElementById("reply").style = "display:none;" document.getElementById('reply').style = 'display:none;'
reply_id = 0 reply_id = 0
} }
var cansendNoti = false var cansendNoti = false
function askNotiPerms() { function askNotiPerms() {
return Notification.requestPermission() return Notification.requestPermission()
} }
async function firstAsk() { async function firstAsk() {
if(Notification.permission === 'denied' || Notification.permission === 'default') { if (
await askNotiPerms() Notification.permission === 'denied' ||
} Notification.permission === 'default'
) {
await askNotiPerms()
}
} }
async function mainNoti(user) { async function mainNoti(user) {
if (
if(Notification.permission === 'denied' || Notification.permission === 'default') { Notification.permission === 'denied' ||
await askNotiPerms() Notification.permission === 'default'
} else { ) {
if(cansendNoti) { await askNotiPerms()
let notification = new Notification('IPost', { body: "new dm from " + user , tag: "new_post"}); } else {
notification = await notification if (cansendNoti) {
notification.addEventListener("click",function(){ let notification = new Notification('IPost', {
notification.close() body: 'new dm from ' + user,
}) tag: 'new_post',
console.log(notification); })
notification = await notification
notification.addEventListener('click', function () {
notification.close()
})
console.log(notification)
}
} }
}
} }
document.addEventListener("visibilitychange", function() { document.addEventListener('visibilitychange', function () {
//cansendNoti = document.visibilityState !== 'visible' //cansendNoti = document.visibilityState !== 'visible'
if (document.visibilityState === 'visible') { if (document.visibilityState === 'visible') {
cansendNoti = false cansendNoti = false
} else { } else {
cansendNoti = true cansendNoti = true
} }
}); })
function switchChannel(channelname) { function switchChannel(channelname) {
sessionStorage.setItem("lastdm", channelname); sessionStorage.setItem('lastdm', channelname)
currentChannel = channelname currentChannel = channelname
if(localStorage.getItem(currentChannel+"enc_key")!==null) { if (localStorage.getItem(currentChannel + 'enc_key') !== null) {
encryption_keys = localStorage.getItem(currentChannel+"enc_key") encryption_keys = localStorage.getItem(currentChannel + 'enc_key')
} else { } else {
encryption_keys = "" encryption_keys = ''
} }
try { try {
socket.send(JSON.stringify({"id":"switchChannel","data":channelname})) socket.send(JSON.stringify({ id: 'switchChannel', data: channelname }))
} catch(err) { } catch (err) {
console.error(err) console.error(err)
} }
} }
function removeDuplicates(a) { function removeDuplicates(a) {
let prims = {"boolean":{}, "number":{}, "string":{}}, objs = []; let prims = { boolean: {}, number: {}, string: {} },
objs = []
return a.filter(function(item) { return a.filter(function (item) {
let type = typeof item; let type = typeof item
if(type in prims) if (type in prims)
return Object.prototype.hasOwnProperty.call(prims[type], item) ? false : (prims[type][item] = true); return Object.prototype.hasOwnProperty.call(prims[type], item)
else ? false
return objs.indexOf(item) >= 0 ? false : objs.push(item); : (prims[type][item] = true)
}); else return objs.indexOf(item) >= 0 ? false : objs.push(item)
})
} }
function createChannel(channelname,tab) { function createChannel(channelname, tab) {
channelname = decodeURIComponent(channelname) channelname = decodeURIComponent(channelname)
let channelp = document.createElement("p") let channelp = document.createElement('p')
channelp.classList.add("channel") channelp.classList.add('channel')
channelp.id = channelname channelp.id = channelname
let textnode = document.createTextNode(channelname) let textnode = document.createTextNode(channelname)
channelp.appendChild(textnode) channelp.appendChild(textnode)
channelp.addEventListener("click", function(){ channelp.addEventListener('click', function () {
switchChannel(channelname) switchChannel(channelname)
main() main()
unreply() unreply()
}) })
tab.appendChild(channelp) tab.appendChild(channelp)
} }
async function loadChannels() { async function loadChannels() {
// <!-- <p class="channel">- Channel Name -</p> --> // <!-- <p class="channel">- Channel Name -</p> -->
let dms = await (await fetch("/api/dms/conversations")).json() let dms = await (await fetch('/api/dms/conversations')).json()
let channels = [] let channels = []
for(let dm of dms) { for (let dm of dms) {
if(dm.dms_user_name === username) { if (dm.dms_user_name === username) {
channels[channels.length] = dm.dms_receiver channels[channels.length] = dm.dms_receiver
} else { } else {
channels[channels.length] = dm.dms_user_name channels[channels.length] = dm.dms_user_name
} }
} }
channels = removeDuplicates(channels) channels = removeDuplicates(channels)
let tab = document.getElementById("channelTab") let tab = document.getElementById('channelTab')
tab.innerHTML = "" tab.innerHTML = ''
for (let i = 0; i < channels.length; i++) { for (let i = 0; i < channels.length; i++) {
if(channels[i]==="")continue; if (channels[i] === '') continue
createChannel(channels[i],tab) createChannel(channels[i], tab)
} }
} }
function init() { function init() {
switchChannel(sessionStorage.getItem('lastdm') || 'none')
switchChannel(sessionStorage.getItem("lastdm") || "none") setInterval(update_pid, 30000)
update_pid()
setInterval(update_pid,30000) main()
update_pid() firstAsk()
main() loadChannels()
firstAsk()
loadChannels()
} }
async function clickPress(event) { async function clickPress(event) {
if (event.key === "Enter") { if (event.key === 'Enter') {
user = (await (await fetch("/api/getotheruser?user="+encodeURIComponent(document.getElementById("Username_input").value))).json()) user = await (
if(user.username === undefined) { await fetch(
alert("invalid username entered") '/api/getotheruser?user=' +
return encodeURIComponent(
} else { document.getElementById('Username_input').value
if(document.getElementById(user.username) === undefined) { )
let tab = document.getElementById("channelTab") )
createChannel(encodeURIComponent(user.username),tab) ).json()
} if (user.username === undefined) {
document.getElementById(user.username).click() alert('invalid username entered')
document.getElementById("Username_input").value = "" return
} } else {
} if (document.getElementById(user.username) === undefined) {
let tab = document.getElementById('channelTab')
createChannel(encodeURIComponent(user.username), tab)
}
document.getElementById(user.username).click()
document.getElementById('Username_input').value = ''
}
}
} }
init() init()

100
js/extend_key.js
View File

@ -1,18 +1,82 @@
// skipqc // skipqc
var sha256=function a(b){function c(a,b){return a>>>b|a<<32-b}for(var d,e,f=Math.pow,g=f(2,32),h="length",i="",j=[],k=8*b[h],l=a.h=a.h||[],m=a.k=a.k||[],n=m[h],o={},p=2;n<64;p++)if(!o[p]){for(d=0;d<313;d+=p)o[d]=p;l[n]=f(p,.5)*g|0,m[n++]=f(p,1/3)*g|0}for(b+="\x80";b[h]%64-56;)b+="\x00";for(d=0;d<b[h];d++){if(e=b.charCodeAt(d),e>>8)return;j[d>>2]|=e<<(3-d)%4*8}for(j[j[h]]=k/g|0,j[j[h]]=k,e=0;e<j[h];){var q=j.slice(e,e+=16),r=l;for(l=l.slice(0,8),d=0;d<64;d++){var s=q[d-15],t=q[d-2],u=l[0],v=l[4],w=l[7]+(c(v,6)^c(v,11)^c(v,25))+(v&l[5]^~v&l[6])+m[d]+(q[d]=d<16?q[d]:q[d-16]+(c(s,7)^c(s,18)^s>>>3)+q[d-7]+(c(t,17)^c(t,19)^t>>>10)|0),x=(c(u,2)^c(u,13)^c(u,22))+(u&l[1]^u&l[2]^l[1]&l[2]);l=[w+x|0].concat(l),l[4]=l[4]+w|0}for(d=0;d<8;d++)l[d]=l[d]+r[d]|0}for(d=0;d<8;d++)for(e=3;e+1;e--){var y=l[d]>>8*e&255;i+=(y<16?0:"")+y.toString(16)}return i}; var sha256 = function a(b) {
function c(a, b) {
function hash(str,salt,num) { return (a >>> b) | (a << (32 - b))
if(!num && num!==0)num=1;
if(!str)return;
if(!salt)salt=""
let ret = str;
for (let i = 0; i < num; i++) {
ret = sha256(ret+salt)
} }
return ret; for (
var d,
e,
f = Math.pow,
g = f(2, 32),
h = 'length',
i = '',
j = [],
k = 8 * b[h],
l = (a.h = a.h || []),
m = (a.k = a.k || []),
n = m[h],
o = {},
p = 2;
n < 64;
p++
)
if (!o[p]) {
for (d = 0; d < 313; d += p) o[d] = p
;(l[n] = (f(p, 0.5) * g) | 0), (m[n++] = (f(p, 1 / 3) * g) | 0)
}
for (b += '\x80'; (b[h] % 64) - 56; ) b += '\x00'
for (d = 0; d < b[h]; d++) {
if (((e = b.charCodeAt(d)), e >> 8)) return
j[d >> 2] |= e << (((3 - d) % 4) * 8)
}
for (j[j[h]] = (k / g) | 0, j[j[h]] = k, e = 0; e < j[h]; ) {
var q = j.slice(e, (e += 16)),
r = l
for (l = l.slice(0, 8), d = 0; d < 64; d++) {
var s = q[d - 15],
t = q[d - 2],
u = l[0],
v = l[4],
w =
l[7] +
(c(v, 6) ^ c(v, 11) ^ c(v, 25)) +
((v & l[5]) ^ (~v & l[6])) +
m[d] +
(q[d] =
d < 16
? q[d]
: (q[d - 16] +
(c(s, 7) ^ c(s, 18) ^ (s >>> 3)) +
q[d - 7] +
(c(t, 17) ^ c(t, 19) ^ (t >>> 10))) |
0),
x =
(c(u, 2) ^ c(u, 13) ^ c(u, 22)) +
((u & l[1]) ^ (u & l[2]) ^ (l[1] & l[2]))
;(l = [(w + x) | 0].concat(l)), (l[4] = (l[4] + w) | 0)
}
for (d = 0; d < 8; d++) l[d] = (l[d] + r[d]) | 0
}
for (d = 0; d < 8; d++)
for (e = 3; e + 1; e--) {
var y = (l[d] >> (8 * e)) & 255
i += (y < 16 ? 0 : '') + y.toString(16)
}
return i
} }
function extend(key,len) { function hash(str, salt, num) {
if (!num && num !== 0) num = 1
if (!str) return
if (!salt) salt = ''
let ret = str
for (let i = 0; i < num; i++) {
ret = sha256(ret + salt)
}
return ret
}
function extend(key, len) {
let temp = [] let temp = []
let out = [] let out = []
@ -20,18 +84,16 @@ function extend(key,len) {
let hashes = 0 let hashes = 0
for(let i=0;i<len/64;i++) { for (let i = 0; i < len / 64; i++) {
temp[0] = hash(key, '', ++hashes)
temp[0] = hash(key,"",++hashes) temp[1] = hash(key, '', ++hashes)
temp[1] = hash(key,"",++hashes) temp[2] = hash(key, '', ++hashes)
temp[2] = hash(key,"",++hashes) out[out.length] = hash(temp[0] + temp[1], temp[2], ++hashes)
out[out.length] = hash(temp[0]+temp[1],temp[2],++hashes)
temp = [] temp = []
} }
return out.join("").substring(0,len) return out.join('').substring(0, len)
} }

95
js/htmlescape.js
View File

@ -1,64 +1,63 @@
/** /**
* Copyright (C) 2017-present by Andrea Giammarchi - @WebReflection * Copyright (C) 2017-present by Andrea Giammarchi - @WebReflection
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE. * THE SOFTWARE.
*/ */
//https://github.com/WebReflection/html-escaper //https://github.com/WebReflection/html-escaper
const {replace} = ''; const { replace } = ''
const es = /&(?:amp|#38|lt|#60|gt|#62|apos|#39|quot|#34);/gi; const es = /&(?:amp|#38|lt|#60|gt|#62|apos|#39|quot|#34);/gi
const ca = /[&<>'"]/g; const ca = /[&<>'"]/g
const esca = { const esca = {
'&': '&amp;', '&': '&amp;',
'<': '&lt;', '<': '&lt;',
'>': '&gt;', '>': '&gt;',
"'": '&#39;', "'": '&#39;',
'"': '&quot;' '"': '&quot;',
}; }
const pe = m => esca[m]; const pe = (m) => esca[m]
const escape = es => replace.call(es, ca, pe);
const htmlesc = es => replace.call(es, ca, pe);
const escape = (es) => replace.call(es, ca, pe)
const htmlesc = (es) => replace.call(es, ca, pe)
const unes = { const unes = {
'&amp;': '&', '&amp;': '&',
'&#38;': '&', '&#38;': '&',
'&lt;': '<', '&lt;': '<',
'&#60;': '<', '&#60;': '<',
'&gt;': '>', '&gt;': '>',
'&#62;': '>', '&#62;': '>',
'&apos;': "'", '&apos;': "'",
'&#39;': "'", '&#39;': "'",
'&quot;': '"', '&quot;': '"',
'&#34;': '"' '&#34;': '"',
}; }
const cape = m => unes[m]; const cape = (m) => unes[m]
const unescape = un => replace.call(un, es, cape); const unescape = (un) => replace.call(un, es, cape)
function escape_special(str) { function escape_special(str) {
return str.replace(/\\/g,"\\\\").replace(/`/g,"\\`"); return str.replace(/\\/g, '\\\\').replace(/`/g, '\\`')
} }
function unescape_special(str) { function unescape_special(str) {
return str.replace(/\\\\/g,"\\").replace(/\\`/,"`"); return str.replace(/\\\\/g, '\\').replace(/\\`/, '`')
} }

8
js/httppost.js
View File

@ -1 +1,7 @@
window.post = function(url, data) {return fetch(url, {method: "POST", headers: {'Content-Type': 'application/json'}, body: JSON.stringify(data)});} window.post = function (url, data) {
return fetch(url, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(data),
})
}

22
js/index.js
View File

@ -1,12 +1,12 @@
window.addEventListener("load",async function(){ window.addEventListener('load', async function () {
let data = await(await fetch("/api/getuser")).json() let data = await (await fetch('/api/getuser')).json()
if(data["username"] !== undefined) { if (data['username'] !== undefined) {
document.getElementById("HasAccount").style="" document.getElementById('HasAccount').style = ''
} else { } else {
document.getElementById("NoAccount").style="" document.getElementById('NoAccount').style = ''
document.getElementById("hide_user").style="display:none;" document.getElementById('hide_user').style = 'display:none;'
document.getElementById("hide_posts").style="display:none;" document.getElementById('hide_posts').style = 'display:none;'
document.getElementById("hide_dms").style="display:none;" document.getElementById('hide_dms').style = 'display:none;'
//document.getElementById("hide_search").style="display:none;" //document.getElementById("hide_search").style="display:none;"
} }
}) })

26
js/login.js
View File

@ -1,21 +1,21 @@
async function login() { async function login() {
let r = (await post("/login",{ let r = await post('/login', {
user: document.getElementById("user").value, user: document.getElementById('user').value,
pass: document.getElementById("pass").value, pass: document.getElementById('pass').value,
r: REDIRECT_URL r: REDIRECT_URL,
})) })
if(!r.url.endsWith("/user") && !r.url.endsWith(REDIRECT_URL)) { if (!r.url.endsWith('/user') && !r.url.endsWith(REDIRECT_URL)) {
document.getElementById("pass").value = "" document.getElementById('pass').value = ''
console.error("login failed") console.error('login failed')
alert("Login failed, please make sure you have the right password") alert('Login failed, please make sure you have the right password')
return; return
} }
window.location = REDIRECT_URL || "/user" window.location = REDIRECT_URL || '/user'
} }
let passfield = document.getElementById("pass") let passfield = document.getElementById('pass')
function passkeydown(e) { function passkeydown(e) {
if(e.code === "Enter") { if (e.code === 'Enter') {
login() login()
} }
} }

92
js/markdown.js
View File

@ -1,45 +1,56 @@
const urlregex = /(([a-z]+:\/\/)(([a-z0-9\-]+\.)+([a-z]{2}|aero|arpa|app|biz|com|coop|edu|gov|info|int|jobs|mil|museum|name|nato|net|org|pro|travel|local|internal|tk|rocks|ga|to))(:[0-9]{1,5})?(\/[a-z0-9_\-\.~]+)*(\/([a-z0-9_\-\.]*)(\?[a-z0-9+_\-\.%=&amp;]*)?)?(#[a-zA-Z0-9!$&'()*+.=-_~:@/?]*)?)(\s+|$)/gi const urlregex =
/(([a-z]+:\/\/)(([a-z0-9\-]+\.)+([a-z]{2}|aero|arpa|app|biz|com|coop|edu|gov|info|int|jobs|mil|museum|name|nato|net|org|pro|travel|local|internal|tk|rocks|ga|to))(:[0-9]{1,5})?(\/[a-z0-9_\-\.~]+)*(\/([a-z0-9_\-\.]*)(\?[a-z0-9+_\-\.%=&amp;]*)?)?(#[a-zA-Z0-9!$&'()*+.=-_~:@/?]*)?)(\s+|$)/gi
function urlify(text) { function urlify(text) {
return text.replace(urlregex,'<a href="$1" target="_blank" class="insertedlink">$1</a> ') return text.replace(
urlregex,
'<a href="$1" target="_blank" class="insertedlink">$1</a> '
)
} }
const newlregex = /(\n)/gi const newlregex = /(\n)/gi
function newlineify(text) { function newlineify(text) {
return text.replace(newlregex,' <br>') return text.replace(newlregex, ' <br>')
} }
const crossregex = /~([^~]*)~/gi const crossregex = /~([^~]*)~/gi
function crossout(text) { function crossout(text) {
return text.replace(crossregex,'<span class="crossout">$1</span>') return text.replace(crossregex, '<span class="crossout">$1</span>')
} }
const italicregex = /\*([^\*]*)\*/gi const italicregex = /\*([^\*]*)\*/gi
function italicify(text) { function italicify(text) {
return text.replace(italicregex,'<i>$1</i> ') return text.replace(italicregex, '<i>$1</i> ')
} }
const boldregex = /\*\*([^\*]*)\*\*/gi const boldregex = /\*\*([^\*]*)\*\*/gi
function boldify(text) { function boldify(text) {
return text.replace(boldregex,'<b>$1</b> ') return text.replace(boldregex, '<b>$1</b> ')
} }
const mentionregex = /@([^\s]*)/gi const mentionregex = /@([^\s]*)/gi
function filterMentions(text) { function filterMentions(text) {
return text.replace(mentionregex,`<span><a href="/users/$1" class="mention">$1</a></span> `) return text.replace(
mentionregex,
`<span><a href="/users/$1" class="mention">$1</a></span> `
)
} }
const emojiregex = /:([^:\s]*):/gi const emojiregex = /:([^:\s]*):/gi
function emojify(text) { function emojify(text) {
return text.replace(emojiregex,"<img class='emoji' src='/images/emoji/$1.png' alt=':$1:' title=':$1:' height=20/>") return text.replace(
emojiregex,
"<img class='emoji' src='/images/emoji/$1.png' alt=':$1:' title=':$1:' height=20/>"
)
} }
function unemojify(text){ function unemojify(text) {
text = text.replace(/\u{1F5FF}/gu,":moyai:") text = text.replace(/\u{1F5FF}/gu, ':moyai:')
text = text.replace(/\u{1F440}/gu,":eyes:") text = text.replace(/\u{1F440}/gu, ':eyes:')
return text return text
} }
const allregex = /(```([^```]*)```)|(\n)|(~([^~]*)~)|(\*\*([^\*]*)\*\*)|(\*([^\*]*)\*)|(@[^\s]*)|(:([^:\s]*):)/gi const allregex =
/(```([^```]*)```)|(\n)|(~([^~]*)~)|(\*\*([^\*]*)\*\*)|(\*([^\*]*)\*)|(@[^\s]*)|(:([^:\s]*):)/gi
const cdblregex = /```([^```]*)```/gi const cdblregex = /```([^```]*)```/gi
@ -48,29 +59,28 @@ const cdblregex = /```([^```]*)```/gi
* @param {string} text text to filter/format * @param {string} text text to filter/format
* @return {string} html that represents the filtered text * @return {string} html that represents the filtered text
*/ */
function filterPost(text){ function filterPost(text) {
text = unemojify(text) text = unemojify(text)
let result = htmlesc(text).replace(allregex, function (match) { let result = htmlesc(text).replace(allregex, function (match) {
let out = match let out = match
if(cdblregex.test(match)) { if (cdblregex.test(match)) {
let paddlen = 3 let paddlen = 3
out = out.substring(paddlen,out.length-paddlen).trim()+"\n" out = out.substring(paddlen, out.length - paddlen).trim() + '\n'
out = newlineify(out) out = newlineify(out)
return `<div class="ovfl-bw"><code>${out}</code></div>` return `<div class="ovfl-bw"><code>${out}</code></div>`
} }
out = newlineify(out) out = newlineify(out)
out = urlify(out) out = urlify(out)
out = emojify(out) out = emojify(out)
out = filterMentions(out) out = filterMentions(out)
out = crossout(out) out = crossout(out)
out = boldify(out) out = boldify(out)
out = italicify(out) out = italicify(out)
return out return out
})
}); return result
return result
} }
/** /**
@ -79,12 +89,12 @@ function filterPost(text){
* @return {string} html that represents the filtered text * @return {string} html that represents the filtered text
*/ */
function filterReply(text) { function filterReply(text) {
text = htmlesc(text) text = htmlesc(text)
text = newlineify(text) text = newlineify(text)
text = urlify(text) text = urlify(text)
text = crossout(text) text = crossout(text)
text = boldify(text) text = boldify(text)
text = italicify(text) text = italicify(text)
return text return text
} }

42
js/modal.js
View File

@ -1,28 +1,28 @@
function createModal(text,renderAsHTML=false) { function createModal(text, renderAsHTML = false) {
if(!document.getElementById("modal")) { if (!document.getElementById('modal')) {
const shade = document.createElement("div") const shade = document.createElement('div')
shade.id = "modal-shade" shade.id = 'modal-shade'
const m = document.createElement("div") const m = document.createElement('div')
m.id = "modal" m.id = 'modal'
const close = document.createElement("button") const close = document.createElement('button')
close.id = "modal-close-button" close.id = 'modal-close-button'
close.innerText = "Close" close.innerText = 'Close'
close.onclick = function() { close.onclick = function () {
m.style.display = shade.style.display = 'none'; m.style.display = shade.style.display = 'none'
} }
const textdiv = document.createElement("div") const textdiv = document.createElement('div')
textdiv.id = "modal-text-div" textdiv.id = 'modal-text-div'
m.appendChild(textdiv) m.appendChild(textdiv)
m.appendChild(close) m.appendChild(close)
document.body.insertBefore(m,document.body.children[0]) document.body.insertBefore(m, document.body.children[0])
document.body.insertBefore(shade,document.body.children[0]) document.body.insertBefore(shade, document.body.children[0])
} }
const currentModal = document.getElementById("modal") const currentModal = document.getElementById('modal')
const shade = document.getElementById("modal-shade") const shade = document.getElementById('modal-shade')
if(renderAsHTML) { if (renderAsHTML) {
document.getElementById("modal-text-div").innerHTML = text document.getElementById('modal-text-div').innerHTML = text
} else { } else {
document.getElementById("modal-text-div").innerText = text document.getElementById('modal-text-div').innerText = text
} }
currentModal.style.display = shade.style.display = "block" currentModal.style.display = shade.style.display = 'block'
} }

957
js/posts.js
View File

File diff suppressed because it is too large Load Diff

49
js/register.js
View File

@ -1,37 +1,42 @@
async function register() { async function register() {
if(document.getElementById("pass").value.length < 10) { if (document.getElementById('pass').value.length < 10) {
alert("Password has to be at least 10 characters long") alert('Password has to be at least 10 characters long')
return; return
} }
if(document.getElementById("user").value.length > 25) { if (document.getElementById('user').value.length > 25) {
alert("Username is too long!") alert('Username is too long!')
return; return
} }
if(document.getElementById("user").value.search("@") !== -1) { if (document.getElementById('user').value.search('@') !== -1) {
alert("User cannot contain '@' character!") alert("User cannot contain '@' character!")
return; return
} }
let r = (await post("/register",{ let r = await post('/register', {
user: document.getElementById("user").value, user: document.getElementById('user').value,
pass: document.getElementById("pass").value, pass: document.getElementById('pass').value,
r: REDIRECT_URL r: REDIRECT_URL,
})) })
if(!r.url.endsWith("/user?success=true") && !r.url.endsWith(REDIRECT_URL)) { if (
if(r.url.endsWith("already_exists")) { !r.url.endsWith('/user?success=true') &&
alert("An account with that name already exists! Did you mean to login?") !r.url.endsWith(REDIRECT_URL)
) {
if (r.url.endsWith('already_exists')) {
alert(
'An account with that name already exists! Did you mean to login?'
)
return return
} }
//fallback //fallback
document.getElementById("pass").value = "" document.getElementById('pass').value = ''
console.error("registration failed") console.error('registration failed')
alert("Registration failed") alert('Registration failed')
return; return
} }
window.location = REDIRECT_URL || "/user" window.location = REDIRECT_URL || '/user'
} }
function passkeydown(e) { function passkeydown(e) {
if(e.code === "Enter") { if (e.code === 'Enter') {
register() register()
} }
} }

121
js/search.js
View File

@ -1,10 +1,11 @@
const valuetoText = { const valuetoText = {
"user":"Username", user: 'Username',
"post":"Post" post: 'Post',
} }
function changed() { function changed() {
document.getElementById("selector").placeholder = valuetoText[document.getElementById("type").value]; document.getElementById('selector').placeholder =
valuetoText[document.getElementById('type').value]
} }
async function getJSON(url) { async function getJSON(url) {
@ -12,69 +13,83 @@ async function getJSON(url) {
} }
async function submit() { async function submit() {
const type = document.getElementById("type").value const type = document.getElementById('type').value
const selector = document.getElementById("selector").value const selector = document.getElementById('selector').value
document.getElementById("output").innerHTML="" document.getElementById('output').innerHTML = ''
const res = await getJSON(`/api/search?type=${type}&selector=${selector}`) const res = await getJSON(`/api/search?type=${type}&selector=${selector}`)
//document.getElementById("output").innerHTML = res //document.getElementById("output").innerHTML = res
console.log(res); console.log(res)
for (let i = 0; i < res.length; i++) { for (let i = 0; i < res.length; i++) {
let obj = res[i] let obj = res[i]
if(type === "user") { if (type === 'user') {
createPost(decodeURIComponent(obj.User_Name || ""),decodeURIComponent(obj.User_Bio || "wow such empty"),0) createPost(
} else { decodeURIComponent(obj.User_Name || ''),
createPost(decodeURIComponent(obj.post_user_name),decodeURIComponent(obj.post_text),obj.post_time,obj.post_special_text,obj.post_id) decodeURIComponent(obj.User_Bio || 'wow such empty'),
0
)
} else {
createPost(
decodeURIComponent(obj.post_user_name),
decodeURIComponent(obj.post_text),
obj.post_time,
obj.post_special_text,
obj.post_id
)
}
} }
}
} }
function keydown(event) { function keydown(event) {
if (event.key === "Enter") { if (event.key === 'Enter') {
event.preventDefault() event.preventDefault()
submit() submit()
} }
} }
function spacerTextNode() { function spacerTextNode() {
return document.createTextNode(" | ") return document.createTextNode(' | ')
} }
function createPost(username,text,time,specialtext,postid) { function createPost(username, text, time, specialtext, postid) {
if(!specialtext)specialtext="" if (!specialtext) specialtext = ''
const newDiv = document.createElement("div"); const newDiv = document.createElement('div')
const newP = document.createElement("p"); const newP = document.createElement('p')
const newA = document.createElement("a"); const newA = document.createElement('a')
const newSpan2 = document.createElement("span"); const newSpan2 = document.createElement('span')
const newSpan3 = document.createElement("span"); const newSpan3 = document.createElement('span')
const newUsername = document.createTextNode(username); const newUsername = document.createTextNode(username)
let timedate = new Date(time) let timedate = new Date(time)
time = timedate time = timedate
time = time.toString() time = time.toString()
time = time.split(" ") time = time.split(' ')
time = time[0] + " " + time[1] + " " + time[2] + " " + time[3] + " " + time[4] time =
if(timedate==="Thu Jan 01 1970 01:00:00 GMT+0100 (Central European Standard Time)")time="" time[0] + ' ' + time[1] + ' ' + time[2] + ' ' + time[3] + ' ' + time[4]
const newTime = document.createTextNode(time) if (
const newSpecialText = document.createTextNode(specialtext) timedate ===
'Thu Jan 01 1970 01:00:00 GMT+0100 (Central European Standard Time)'
)
time = ''
const newTime = document.createTextNode(time)
const newSpecialText = document.createTextNode(specialtext)
newDiv.classList.add("result"); newDiv.classList.add('result')
newSpan3.classList.add("specialtext") newSpan3.classList.add('specialtext')
newA.appendChild(newUsername) newA.appendChild(newUsername)
newA.href = `/users/${username}` newA.href = `/users/${username}`
newSpan2.appendChild(newTime) newSpan2.appendChild(newTime)
newSpan3.appendChild(newSpecialText) newSpan3.appendChild(newSpecialText)
newP.appendChild(newA)
if (time !== '') newP.appendChild(spacerTextNode())
newP.appendChild(newSpan2)
if (specialtext !== '' && time !== '') newP.appendChild(spacerTextNode())
newP.appendChild(newSpan3)
newP.appendChild(newA) newDiv.appendChild(newP)
if(time !== "")newP.appendChild(spacerTextNode()) newDiv.innerHTML += filterPost(text) // skipqc
newP.appendChild(newSpan2) newDiv.id = postid
if(specialtext !== "" && time !== "")newP.appendChild(spacerTextNode()) document.getElementById('output').appendChild(newDiv)
newP.appendChild(newSpan3)
newDiv.appendChild(newP)
newDiv.innerHTML += filterPost(text) // skipqc
newDiv.id = postid
document.getElementById("output").appendChild(newDiv)
} }

218
js/settings.js
View File

@ -1,138 +1,158 @@
function completeHandler(event) { function completeHandler(event) {
console.log("completed upload"); console.log('completed upload')
console.log(event.target.responseText); console.log(event.target.responseText)
setuser() // skipqc setuser() // skipqc
} }
function errorHandler(event) { function errorHandler(event) {
console.log("error during upload"); console.log('error during upload')
console.log(event.target.responseText); console.log(event.target.responseText)
} }
function progressHandler(event) { function progressHandler(event) {
console.log("progressing upload"); console.log('progressing upload')
console.log("Uploaded " + event.loaded + " bytes of " + event.total); console.log('Uploaded ' + event.loaded + ' bytes of ' + event.total)
console.log(event.target.responseText); console.log(event.target.responseText)
} }
/** /**
* upload avatar to the server * upload avatar to the server
* @return {undefined} no return value * @return {undefined} no return value
*/ */
function uploadFile() { function uploadFile() {
const file = document.getElementById("avatarUpl").files[0]; const file = document.getElementById('avatarUpl').files[0]
console.log(file); console.log(file)
const formdata = new FormData(); const formdata = new FormData()
formdata.append("avatar", file); formdata.append('avatar', file)
const ajax = new XMLHttpRequest(); const ajax = new XMLHttpRequest()
ajax.upload.addEventListener("progress", progressHandler, false); ajax.upload.addEventListener('progress', progressHandler, false)
ajax.addEventListener("load", completeHandler, false); ajax.addEventListener('load', completeHandler, false)
ajax.addEventListener("error", errorHandler, false); ajax.addEventListener('error', errorHandler, false)
ajax.addEventListener("abort", errorHandler, false); ajax.addEventListener('abort', errorHandler, false)
ajax.open("POST", "/api/setavatar"); ajax.open('POST', '/api/setavatar')
ajax.send(formdata); ajax.send(formdata)
document.getElementById("avatarUplButton").style = "display:none;"; document.getElementById('avatarUplButton').style = 'display:none;'
} }
function logout() { function logout() {
location.assign('/logout') location.assign('/logout')
} }
async function setuser() { async function setuser() {
let user = await (await fetch("/api/getuser")).json(); let user = await (await fetch('/api/getuser')).json()
let username let username
let bio let bio
let avatar let avatar
username = user["username"]; username = user['username']
bio = user["bio"] bio = user['bio']
avatar = user["avatar"] avatar = user['avatar']
if(user["error"])username=user["error"]; if (user['error']) username = user['error']
if(user["error"])bio=user["error"]; if (user['error']) bio = user['error']
if(!bio)bio="wow such empty" if (!bio) bio = 'wow such empty'
if(avatar) { if (avatar) {
avatar = "/avatars/"+avatar avatar = '/avatars/' + avatar
} else { } else {
avatar = "/images/default_avatar.png" avatar = '/images/default_avatar.png'
} }
document.getElementById("user").innerText = `User: ${username}`; document.getElementById('user').innerText = `User: ${username}`
document.getElementById("bio").placeholder = decodeURIComponent(bio); document.getElementById('bio').placeholder = decodeURIComponent(bio)
document.getElementById("avatarimg").src = avatar; document.getElementById('avatarimg').src = avatar
document.getElementById("avatarUpl").addEventListener("change", function(){ document
document.getElementById("avatarUplButton").style = ""; .getElementById('avatarUpl')
}) .addEventListener('change', function () {
document.getElementById("avatarUplButton").addEventListener("click",uploadFile); document.getElementById('avatarUplButton').style = ''
})
document
.getElementById('avatarUplButton')
.addEventListener('click', uploadFile)
} }
/** /**
* sets user bio * sets user bio
* @param {string} str - bio to set * @param {string} str - bio to set
* @return {promise} api response * @return {promise} api response
*/ */
function sendBio(str) { function sendBio(str) {
if(document.getElementById("bio").placeholder !== str && str !== "") { if (document.getElementById('bio').placeholder !== str && str !== '') {
document.getElementById("bio").placeholder = str document.getElementById('bio').placeholder = str
return post("/api/setBio",{"Bio":str}) // skipqc return post('/api/setBio', { Bio: str }) // skipqc
} }
return "" return ''
} }
async function bioChanger() { async function bioChanger() {
document.getElementById("bio").disabled = !document.getElementById("bio").disabled document.getElementById('bio').disabled =
document.getElementById("changeBio").innerText = (document.getElementById("bio").disabled && "Change Bio") || "Submit" !document.getElementById('bio').disabled
if(document.getElementById("bio").disabled) { document.getElementById('changeBio').innerText =
let response = await sendBio(document.getElementById("bio").value) (document.getElementById('bio').disabled && 'Change Bio') || 'Submit'
console.log(response); if (document.getElementById('bio').disabled) {
document.getElementById("userstyle").innerHTML = '::placeholder {color: white;} #bio {border: 0px solid black; color:white;}' let response = await sendBio(document.getElementById('bio').value)
} console.log(response)
else document.getElementById('userstyle').innerHTML =
{ '::placeholder {color: white;} #bio {border: 0px solid black; color:white;}'
document.getElementById("userstyle").innerHTML = '::placeholder {color: white;} #bio {border: 2px solid gray; color:white;}' } else {
} document.getElementById('userstyle').innerHTML =
'::placeholder {color: white;} #bio {border: 2px solid gray; color:white;}'
}
} }
async function changePW() { async function changePW() {
if(window.confirm("Are you sure that you want to change your Password?")){ if (window.confirm('Are you sure that you want to change your Password?')) {
let re = await (await post("/api/changePW",{"currentPW":document.getElementById("currentPW_pw").value,"newPW":document.getElementById("newPW").value})).json() // skipqc let re = await (
document.getElementById("response_pw").innerText = re["error"] || re["success"] await post('/api/changePW', {
document.getElementById("response_pw").style="color:green" currentPW: document.getElementById('currentPW_pw').value,
if(re["error"]) { newPW: document.getElementById('newPW').value,
document.getElementById("response_pw").style="color:red" })
} ).json() // skipqc
document.getElementById("currentPW").value = "" document.getElementById('response_pw').innerText =
document.getElementById("newPW").value = "" re['error'] || re['success']
document.getElementById('response_pw').style = 'color:green'
if (re['error']) {
document.getElementById('response_pw').style = 'color:red'
}
document.getElementById('currentPW').value = ''
document.getElementById('newPW').value = ''
setuser() setuser()
} }
} }
async function changeUsername() { async function changeUsername() {
if(window.confirm("Are you sure that you want to change your Username?")){ if (window.confirm('Are you sure that you want to change your Username?')) {
// skipqc // skipqc
let re = await (await post("/api/changeUsername",{"currentPW":document.getElementById("currentPW_us").value.toString(),"newUsername":document.getElementById("newUsername").value})).json() let re = await (
document.getElementById("response_us").innerText = re["error"] || re["success"] await post('/api/changeUsername', {
document.getElementById("response_us").style="color:green" currentPW: document
if(re["error"]) { .getElementById('currentPW_us')
document.getElementById("response_us").style="color:red" .value.toString(),
newUsername: document.getElementById('newUsername').value,
})
).json()
document.getElementById('response_us').innerText =
re['error'] || re['success']
document.getElementById('response_us').style = 'color:green'
if (re['error']) {
document.getElementById('response_us').style = 'color:red'
}
document.getElementById('currentPW').value = ''
document.getElementById('newUsername').value = ''
setuser()
} }
document.getElementById("currentPW").value = ""
document.getElementById("newUsername").value = ""
setuser()
}
} }
async function setAllowCCR() { async function setAllowCCR() {
const ACCR = document.getElementById("ACCR_checkbox").checked const ACCR = document.getElementById('ACCR_checkbox').checked
const settingname = "ACCR" //Allow Cross-Channel reply (see #22 ) const settingname = 'ACCR' //Allow Cross-Channel reply (see #22 )
let r = await(await post("/api/settings",{setting: settingname, value: ACCR})).json() // skipqc let r = await (
await post('/api/settings', { setting: settingname, value: ACCR })
).json() // skipqc
if(r.status === "error") { if (r.status === 'error') {
alert("Couldn't change setting") alert("Couldn't change setting")
console.log(r.code) console.log(r.code)
} else if(r.status === "success") { } else if (r.status === 'success') {
//changed setting //changed setting
} }
} }

83
js/user.js
View File

@ -1,53 +1,54 @@
function getCookie(cname) { function getCookie(cname) {
let name = cname + "="; let name = cname + '='
let decodedCookie = decodeURIComponent(document.cookie); let decodedCookie = decodeURIComponent(document.cookie)
let ca = decodedCookie.split(';'); let ca = decodedCookie.split(';')
for(let i = 0; i <ca.length; i++) { for (let i = 0; i < ca.length; i++) {
let c = ca[i]; let c = ca[i]
while (c.charAt(0) ===' ') { while (c.charAt(0) === ' ') {
c = c.substring(1); c = c.substring(1)
}
if (c.indexOf(name) === 0) {
return c.substring(name.length, c.length)
}
} }
if (c.indexOf(name) === 0) { return ''
return c.substring(name.length, c.length);
}
}
return "";
} }
function setCookie(cname, cvalue, exdays) { function setCookie(cname, cvalue, exdays) {
const d = new Date(); const d = new Date()
d.setTime(d.getTime() + (exdays*24*60*60*1000)); d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000)
let expires = "expires="+ d.toUTCString(); let expires = 'expires=' + d.toUTCString()
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/"; document.cookie = cname + '=' + cvalue + ';' + expires + ';path=/'
} }
function logout() { function logout() {
localStorage.setItem("priv_key","") localStorage.setItem('priv_key', '')
localStorage.setItem("decryption_key","") localStorage.setItem('decryption_key', '')
location.assign('/logout') location.assign('/logout')
} }
async function setuser() { async function setuser() {
if(getCookie("priv_key") !== "") { if (getCookie('priv_key') !== '') {
localStorage.setItem("priv_key",getCookie("priv_key")) localStorage.setItem('priv_key', getCookie('priv_key'))
setCookie("priv_key","",0) setCookie('priv_key', '', 0)
} }
let user = await (await fetch("/api/getuser")).json(); let user = await (await fetch('/api/getuser')).json()
let username let username
let bio let bio
let avatar let avatar
username = user["username"]; username = user['username']
bio = user["bio"] bio = user['bio']
avatar = user["avatar"] avatar = user['avatar']
if(user["error"])username=user["error"]; if (user['error']) username = user['error']
if(user["error"])bio=user["error"]; if (user['error']) bio = user['error']
if(!bio)bio="wow such empty" if (!bio) bio = 'wow such empty'
if(avatar) { if (avatar) {
avatar = "/avatars/"+avatar avatar = '/avatars/' + avatar
} else { } else {
avatar = "/images/default_avatar.png" avatar = '/images/default_avatar.png'
} }
document.getElementById("user").innerText = `User: ${username}`; document.getElementById('user').innerText = `User: ${username}`
document.getElementById("userBio").innerText = "Bio: " + decodeURIComponent(bio); document.getElementById('userBio').innerText =
document.getElementById("avatarimg").src = avatar; 'Bio: ' + decodeURIComponent(bio)
document.getElementById('avatarimg').src = avatar
} }

15
js/warn_message.js
View File

@ -1,10 +1,13 @@
const warn_messages = [ const warn_messages = [
["%cDo not paste any text in here","background: red; color: yellow; font-size: x-large"], [
["Pasting anything in here may give others access to your account."] '%cDo not paste any text in here',
'background: red; color: yellow; font-size: x-large',
],
['Pasting anything in here may give others access to your account.'],
] ]
function warnmessage() { function warnmessage() {
for (let message of warn_messages) { for (let message of warn_messages) {
console.log(message[0],message[1]); console.log(message[0], message[1])
} }
} }
const warn_message_int = setInterval(warnmessage,3000) const warn_message_int = setInterval(warnmessage, 3000)

8280
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

91
package.json
View File

@ -1,44 +1,51 @@
{ {
"dependencies": { "dependencies": {
"body-parser": "^2.2", "body-parser": "^2.2",
"clean-css": "^5.3", "clean-css": "^5.3",
"compression": "^1.8", "compression": "^1.8",
"cookie-parser": "^1.4", "cookie-parser": "^1.4",
"ejs": "^3.1", "cookie-signature": "^1.2.2",
"express": "^5.1", "ejs": "^3.1",
"express-fileupload": "^1.5", "express": "^5.1",
"express-useragent": "^1.0", "express-fileupload": "^1.5",
"hcaptcha": "^0.2", "express-useragent": "^1.0",
"html-minifier-terser": "^7.2.0", "hcaptcha": "^0.2",
"lru-cache": "^11.1", "html-minifier-terser": "^7.2.0",
"mysql2": "^3.14", "lru-cache": "^11.1",
"sharp": "^0.34", "mysql2": "^3.14",
"swagger-autogen": "^2.23", "sharp": "^0.34",
"uglify-js": "^3.19", "swagger-autogen": "^2.23",
"unsafe_encrypt": "^1.0.4", "uglify-js": "^3.19",
"ws": "^8.13.0", "unsafe_encrypt": "^1.0.4",
"cookie-signature": "^1.2.2" "ws": "^8.18"
}, },
"scripts": { "scripts": {
"start": "node server.js", "start": "node server.js",
"test": "node tests" "test": "node tests",
}, "prepare": "husky install"
"type": "module", },
"name": "ipost", "type": "module",
"description": "IPost is a revolutionary open-source chatting platform featuring an innovative design", "name": "ipost",
"version": "1.0.0", "description": "IPost is a revolutionary open-source chatting platform featuring an innovative design",
"main": "server.js", "version": "1.0.0",
"repository": { "main": "server.js",
"type": "git", "repository": {
"url": "git+https://github.com/002Hub/IPost.git" "type": "git",
}, "url": "git+https://github.com/002Hub/IPost.git"
"author": "", },
"license": "ISC", "author": "",
"bugs": { "license": "ISC",
"url": "https://github.com/002Hub/IPost/issues" "bugs": {
}, "url": "https://github.com/002Hub/IPost/issues"
"homepage": "https://github.com/002Hub/IPost#readme", },
"devDependencies": { "homepage": "https://github.com/002Hub/IPost#readme",
"@hcaptcha/types": "^1.0.3" "devDependencies": {
} "@hcaptcha/types": "^1.0.3",
"husky": "^9.1.7",
"lint-staged": "^15.5.1",
"prettier": "^3.5"
},
"lint-staged": {
"*.{js,css,md}": "prettier --write"
}
} }

1285
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

2
pnpm-workspace.yaml
View File

@ -1,2 +1,2 @@
onlyBuiltDependencies: onlyBuiltDependencies:
- sharp - sharp

188
routes/api/all.js
View File

@ -1,122 +1,148 @@
import fs from "fs"; import fs from 'fs'
import { SHA256 } from "../../extra_modules/SHA.js"; import { SHA256 } from '../../extra_modules/SHA.js'
import { unsign } from "../../extra_modules/unsign.js"; import { unsign } from '../../extra_modules/unsign.js'
const config = JSON.parse(fs.readFileSync("server_config.json")); const config = JSON.parse(fs.readFileSync('server_config.json'))
const HASHES_DB = config.cookies.server_hashes; const HASHES_DB = config.cookies.server_hashes
const HASHES_COOKIE = config.cookies.client_hashes; const HASHES_COOKIE = config.cookies.client_hashes
const HASHES_DIFF = HASHES_DB - HASHES_COOKIE; const HASHES_DIFF = HASHES_DB - HASHES_COOKIE
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
router.use("/*path", (req, res, next) => { router.use('/*path', (req, res, next) => {
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now res.set('Access-Control-Allow-Origin', '*') //we'll allow it for now
let unsigned; let unsigned
req.body = req.body || {}; req.body = req.body || {}
if (typeof req.get("ipost-auth-token") === "string") { if (typeof req.get('ipost-auth-token') === 'string') {
try { try {
req.body.auth = JSON.parse(req.get("ipost-auth-token")) req.body.auth = JSON.parse(req.get('ipost-auth-token'))
} catch (err) { } catch (err) {
console.log("error parsing header", err) console.log('error parsing header', err)
} }
} }
if (req.body.auth !== undefined && req.originalUrl !== "/redeemauthcode") { if (
if (typeof req.body.auth === "string") { req.body.auth !== undefined &&
req.originalUrl !== '/redeemauthcode'
) {
if (typeof req.body.auth === 'string') {
try { try {
req.body.auth = JSON.parse(req.body.auth) req.body.auth = JSON.parse(req.body.auth)
} catch (err) { } catch (err) {
console.log("error parsing", err) console.log('error parsing', err)
} }
} else } else if (
if ( typeof req.body.auth !== 'object' ||
typeof req.body.auth !== "object" || typeof req.body.auth.secret !== 'string' ||
typeof req.body.auth.secret !== "string" || typeof req.body.auth.appid !== 'number' ||
typeof req.body.auth.appid !== "number" || typeof req.body.auth.auth_token !== 'string' ||
typeof req.body.auth.auth_token !== "string" || req.body.auth.secret.length !== 200 ||
req.body.auth.secret.length !== 200 || req.body.auth.auth_token.length !== 200 ||
req.body.auth.auth_token.length !== 200 || Buffer.from(req.body.auth.secret, 'base64').length !== 150
Buffer.from(req.body.auth.secret, "base64").length !== 150 ) {
) { res.status(420).send('invalid authentication object')
res.status(420).send("invalid authentication object") return
return; } else {
} else { //secret : string(200 chars)
//secret : string(200 chars) //appid : number
//appid : number //auth_token: string(200 chars)
//auth_token: string(200 chars) let sql =
let sql = "select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.auth_tokens inner join ipost.application on auth_token_isfrom_application_id=application_id inner join ipost.users on auth_token_u_id=User_ID where auth_token=? and application_secret=? and application_id=?" 'select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.auth_tokens inner join ipost.application on auth_token_isfrom_application_id=application_id inner join ipost.users on auth_token_u_id=User_ID where auth_token=? and application_secret=? and application_id=?'
con.query(sql, [SHA256(req.body.auth.auth_token, req.body.auth.appid, HASHES_DB), SHA256(req.body.auth.secret, req.body.auth.appid, HASHES_DB), req.body.auth.appid], (err, result) => { con.query(
if (err) throw err; sql,
[
SHA256(
req.body.auth.auth_token,
req.body.auth.appid,
HASHES_DB
),
SHA256(
req.body.auth.secret,
req.body.auth.appid,
HASHES_DB
),
req.body.auth.appid,
],
(err, result) => {
if (err) throw err
if (result.length !== 1) { if (result.length !== 1) {
res.status(420).send("invalid authentication object (or server error?)") res.status(420).send(
return; 'invalid authentication object (or server error?)'
)
return
} }
res.locals.userid = result[0].User_ID; res.locals.userid = result[0].User_ID
res.locals.username = result[0].User_Name; res.locals.username = result[0].User_Name
res.locals.bio = result[0].User_Bio || ""; res.locals.bio = result[0].User_Bio || ''
res.locals.avatar = result[0].User_Avatar || ""; res.locals.avatar = result[0].User_Avatar || ''
res.locals.settings = result[0].User_Settings || {}; res.locals.settings = result[0].User_Settings || {}
res.locals.isbot = true; //only apps/bots use auth tokens res.locals.isbot = true //only apps/bots use auth tokens
next() next()
}) }
return; )
} return
}
} else { } else {
if (!req.cookies.AUTH_COOKIE) { if (!req.cookies.AUTH_COOKIE) {
next() next()
return return
} }
unsigned = unsign(req.cookies.AUTH_COOKIE, req, res); unsigned = unsign(req.cookies.AUTH_COOKIE, req, res)
if (!unsigned) { if (!unsigned) {
next() next()
return return
} }
} }
let sql = `select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.users where User_Name=? and User_PW=?;`; let sql = `select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.users where User_Name=? and User_PW=?;`
let values = unsigned.split(" "); let values = unsigned.split(' ')
values[1] = SHA256(values[1], values[0], HASHES_DIFF); values[1] = SHA256(values[1], values[0], HASHES_DIFF)
res.locals.bio = ""; res.locals.bio = ''
res.locals.avatar = ""; res.locals.avatar = ''
res.locals.settings = {}; res.locals.settings = {}
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) if (err) throw err
throw err; if (
if (result[0] && result[0].User_Name && result[0].User_Name === values[0]) { result[0] &&
result[0].User_Name &&
res.locals.userid = result[0].User_ID; result[0].User_Name === values[0]
res.locals.username = result[0].User_Name; ) {
res.locals.bio = result[0].User_Bio || ""; res.locals.userid = result[0].User_ID
res.locals.avatar = result[0].User_Avatar || ""; res.locals.username = result[0].User_Name
res.locals.settings = result[0].User_Settings || {}; res.locals.bio = result[0].User_Bio || ''
res.locals.avatar = result[0].User_Avatar || ''
res.locals.settings = result[0].User_Settings || {}
} }
next() next()
}); })
}); })
router.use("/api/*path", (req, res, next) => { router.use('/api/*path', (req, res, next) => {
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now res.set('Access-Control-Allow-Origin', '*') //we'll allow it for now
if (config["allow_getotheruser_without_cookie"] && req.originalUrl.split("\?")[0] === "/api/getotheruser") { if (
next(); config['allow_getotheruser_without_cookie'] &&
return; req.originalUrl.split('\?')[0] === '/api/getotheruser'
) {
next()
return
} }
if (!server.increaseAPICall(req, res)) return; if (!server.increaseAPICall(req, res)) return
if (res.locals.username !== undefined) { if (res.locals.username !== undefined) {
next(); next()
} } else {
else { res.status(402)
res.status(402); res.json({
res.json({ "error": "you cannot access the api without being logged in" }); error: 'you cannot access the api without being logged in',
})
} }
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
}; }
export default { export default {
setup setup,
}; }

121
routes/api/dms/PersonalMessages.js
View File

@ -1,71 +1,94 @@
//const web_version = require("unsafe_encrypt").web_version //const web_version = require("unsafe_encrypt").web_version
import { web_version } from "unsafe_encrypt"; import { web_version } from 'unsafe_encrypt'
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
router.get("/api/getPersonalPosts", function (req, res) { router.get('/api/getPersonalPosts', function (req, res) {
res.set("Access-Control-Allow-Origin", ""); res.set('Access-Control-Allow-Origin', '')
let otherperson = encodeURIComponent(req.query.otherperson || ""); let otherperson = encodeURIComponent(req.query.otherperson || '')
if (typeof otherperson !== "string" || otherperson.length > 100 || otherperson === "") { if (
res.status(410).json({ "error": "invalid otherperson given" }); typeof otherperson !== 'string' ||
return; otherperson.length > 100 ||
otherperson === ''
) {
res.status(410).json({ error: 'invalid otherperson given' })
return
} }
const columns = [ const columns = [
"dms_user_name", "dms_text", "dms_time", "dms_special_text", "dms_id", "dms_from_bot", "dms_reply_id" 'dms_user_name',
]; 'dms_text',
'dms_time',
'dms_special_text',
'dms_id',
'dms_from_bot',
'dms_reply_id',
]
//dms_user_name = sender //dms_user_name = sender
//dms_receiver = receiver //dms_receiver = receiver
//if (sender == current and receiver == other) or (receiver == current and sender == other) //if (sender == current and receiver == other) or (receiver == current and sender == other)
let sql = `select ${columns.join(",")} from ipost.dms where ((dms_receiver = ? and dms_user_name = ?) or (dms_receiver = ? and dms_user_name = ?)) order by dms_id desc limit 50;`; let sql = `select ${columns.join(',')} from ipost.dms where ((dms_receiver = ? and dms_user_name = ?) or (dms_receiver = ? and dms_user_name = ?)) order by dms_id desc limit 50;`
con.query(sql, [otherperson, encodeURIComponent(res.locals.username), encodeURIComponent(res.locals.username), otherperson], function (err, result) { con.query(
if (err) sql,
throw err; [
res.json(result); otherperson,
}); encodeURIComponent(res.locals.username),
encodeURIComponent(res.locals.username),
otherperson,
],
function (err, result) {
if (err) throw err
res.json(result)
}
)
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.get("/api/dms/conversations", function (req, res) { router.get('/api/dms/conversations', function (req, res) {
res.set("Access-Control-Allow-Origin", "*"); res.set('Access-Control-Allow-Origin', '*')
let uriencusername = encodeURIComponent(res.locals.username); let uriencusername = encodeURIComponent(res.locals.username)
let sql = `select dms_user_name, dms_receiver from ipost.dms where ((dms_receiver = ?) or (dms_user_name = ?)) group by dms_receiver,dms_user_name;`; let sql = `select dms_user_name, dms_receiver from ipost.dms where ((dms_receiver = ?) or (dms_user_name = ?)) group by dms_receiver,dms_user_name;`
con.query(sql, [uriencusername, uriencusername], function (err, result) { con.query(
if (err) sql,
throw err; [uriencusername, uriencusername],
res.json(result); function (err, result) {
}); if (err) throw err
res.json(result)
}
)
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.get("/api/dms/encrypt.js", function (req, res) { router.get('/api/dms/encrypt.js', function (req, res) {
res.set("Access-Control-Allow-Origin", "*"); res.set('Access-Control-Allow-Origin', '*')
res.send(web_version()); res.send(web_version())
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
// //
router.get("/api/dms/getDM", function (req, res) { router.get('/api/dms/getDM', function (req, res) {
res.set("Access-Control-Allow-Origin", "*"); res.set('Access-Control-Allow-Origin', '*')
let arg = req.query.id; let arg = req.query.id
let uriencusername = encodeURIComponent(res.locals.username); let uriencusername = encodeURIComponent(res.locals.username)
let sql = `select dms_user_name,dms_text,dms_time,dms_special_text,dms_id,dms_from_bot,dms_reply_id,dms_receiver from ipost.dms where dms_id=? and (dms_user_name=? or dms_receiver=?);`; let sql = `select dms_user_name,dms_text,dms_time,dms_special_text,dms_id,dms_from_bot,dms_reply_id,dms_receiver from ipost.dms where dms_id=? and (dms_user_name=? or dms_receiver=?);`
con.query(sql, [arg, uriencusername, uriencusername], function (err, result) { con.query(
if (err) sql,
throw err; [arg, uriencusername, uriencusername],
if (result[0]) { function (err, result) {
res.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish if (err) throw err
res.json(result[0]); if (result[0]) {
res.set('Cache-Control', 'public, max-age=2592000') //cache it for one month-ish
res.json(result[0])
} else {
res.json({ error: 'there is no such dm!' })
}
} }
else { )
res.json({ "error": "there is no such dm!" });
}
});
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
}; }
export default { export default {
setup setup,
}; }

128
routes/api/dms/post.js
View File

@ -1,104 +1,116 @@
import xor from "../../../extra_modules/xor.js"; import xor from '../../../extra_modules/xor.js'
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
const PIDS = {}; //[pid]: true/"already_used" const PIDS = {} //[pid]: true/"already_used"
function createPID(){ function createPID() {
let pid = server.genstring(10); //collision chance is low enough, but we'll check anyways let pid = server.genstring(10) //collision chance is low enough, but we'll check anyways
while (PIDS[pid] !== undefined) { while (PIDS[pid] !== undefined) {
pid = server.genstring(10); pid = server.genstring(10)
console.log(5, "pid collision"); console.log(5, 'pid collision')
} }
PIDS[pid] = true; PIDS[pid] = true
setTimeout(function() { setTimeout(function () {
PIDS[pid] = undefined; PIDS[pid] = undefined
}, 40000); }, 40000)
return pid return pid
} }
router.get('/api/dms/pid', function (req, res) {
router.get("/api/dms/pid", function (req, res) { res.set('Access-Control-Allow-Origin', '*')
res.set("Access-Control-Allow-Origin", "*"); res.json({ pid: createPID() })
res.json({ "pid": createPID() });
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.post("/api/dms/post", function (req, res) { router.post('/api/dms/post', function (req, res) {
if (!req.body.message) { if (!req.body.message) {
res.status(410) res.status(410)
res.json({ "error": "no message to post" }); res.json({ error: 'no message to post' })
return; return
} }
if ((typeof req.body.message) !== "string") { if (typeof req.body.message !== 'string') {
res.status(411) res.status(411)
res.json({ "error": "no message to post" }); res.json({ error: 'no message to post' })
return; return
} }
if ((typeof req.body.pid) !== "string") { if (typeof req.body.pid !== 'string') {
res.status(412) res.status(412)
res.json({ "error": "no pid given" }); res.json({ error: 'no pid given' })
return; return
} }
if (req.body.pid.length !== 10 || PIDS[req.body.pid] !== true) { if (req.body.pid.length !== 10 || PIDS[req.body.pid] !== true) {
res.status(413) res.status(413)
res.json({ "error": "invalid pid given" }); res.json({ error: 'invalid pid given' })
return; return
} }
PIDS[req.body.pid] = "already_used"; PIDS[req.body.pid] = 'already_used'
let reply_id; let reply_id
if (!req.body.reply_id || req.body.reply_id < 0) { if (!req.body.reply_id || req.body.reply_id < 0) {
reply_id = 0; reply_id = 0
} else {
reply_id = req.body.reply_id
} }
else { if (typeof reply_id !== 'number') {
reply_id = req.body.reply_id;
}
if ((typeof reply_id) !== "number") {
res.status(414) res.status(414)
res.json({ "error": "no valid reply id given" }); res.json({ error: 'no valid reply id given' })
return; return
} }
if (req.body.message.length > 1000) { if (req.body.message.length > 1000) {
res.status(415) res.status(415)
res.json({ "error": "message too long" }); res.json({ error: 'message too long' })
return; return
} }
req.body.message = encodeURIComponent(req.body.message.trim()); req.body.message = encodeURIComponent(req.body.message.trim())
if (req.body.message.length > 3000) { if (req.body.message.length > 3000) {
res.status(416) res.status(416)
res.json({ "error": "message too long" }); //check again after URI encoding it res.json({ error: 'message too long' }) //check again after URI encoding it
return; return
} }
req.body.receiver = encodeURIComponent(req.body.receiver || ""); req.body.receiver = encodeURIComponent(req.body.receiver || '')
if (req.body.receiver === "" || req.body.receiver === encodeURIComponent(res.locals.username) || req.body.receiver.length > 100) { if (
res.status(417).json({ "error": "invalid receiver given" }); req.body.receiver === '' ||
return; req.body.receiver === encodeURIComponent(res.locals.username) ||
req.body.receiver.length > 100
) {
res.status(417).json({ error: 'invalid receiver given' })
return
} }
let otherperson = req.body.receiver; let otherperson = req.body.receiver
if (!req.body.message) { if (!req.body.message) {
res.status(418) res.status(418)
res.json({ "error": "no message to post" }); res.json({ error: 'no message to post' })
return; return
} }
let sql = `insert into ipost.dms (dms_user_name,dms_text,dms_time,dms_receiver,dms_from_bot,dms_reply_id) values (?,?,?,?,?,?);`; let sql = `insert into ipost.dms (dms_user_name,dms_text,dms_time,dms_receiver,dms_from_bot,dms_reply_id) values (?,?,?,?,?,?);`
let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), otherperson, res.locals.isbot, reply_id]; let values = [
encodeURIComponent(res.locals.username),
req.body.message,
Date.now(),
otherperson,
res.locals.isbot,
reply_id,
]
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) { if (err) {
res.status(500) res.status(500)
res.json({"error":"there's been an internal error"}) res.json({ error: "there's been an internal error" })
console.error(err) console.error(err)
return; return
} }
res.json({ "success": "successfully posted dm" }); res.json({ success: 'successfully posted dm' })
console.log(5, `posted new dm by ${res.locals.username} to ${otherperson} : ${xor(encodeURIComponent(res.locals.username), otherperson)}`); console.log(
}); 5,
`posted new dm by ${res.locals.username} to ${otherperson} : ${xor(encodeURIComponent(res.locals.username), otherperson)}`
)
})
//TODO: bring dms up-to-date with normal posts //TODO: bring dms up-to-date with normal posts
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
return createPID return createPID
}; }
export default { export default {
setup setup,
}; }

41
routes/api/getFileIcon.js
View File

@ -1,12 +1,12 @@
import sharp from "sharp" import sharp from 'sharp'
async function addTextOnImage(text,buf) { async function addTextOnImage(text, buf) {
try { try {
let img = await sharp(buf) let img = await sharp(buf)
const metadata = await img.metadata() const metadata = await img.metadata()
const width = metadata.width; const width = metadata.width
const height = metadata.height; const height = metadata.height
const svgImage = ` const svgImage = `
<svg width="${width}" height="${height}"> <svg width="${width}" height="${height}">
@ -15,30 +15,35 @@ async function addTextOnImage(text,buf) {
</style> </style>
<text x="50%" y="50%" text-anchor="middle" class="title">${text}</text> <text x="50%" y="50%" text-anchor="middle" class="title">${text}</text>
</svg> </svg>
`; `
return await img return await img
.composite([ .composite([
{ {
input: Buffer.from(svgImage), input: Buffer.from(svgImage),
top: 0, top: 0,
left: 0, left: 0,
}, },
]).webp({effort:6}).toBuffer() ])
.webp({ effort: 6 })
.toBuffer()
} catch (error) { } catch (error) {
console.log(error); console.log(error)
} }
} }
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
router.get("/api/getFileIcon/:icon",async function(req,res){ router.get('/api/getFileIcon/:icon', async function (req, res) {
let path = req.params.icon let path = req.params.icon
if(path.length > 4) { if (path.length > 4) {
res.status(410).json({"error":"file ending is too long"}) res.status(410).json({ error: 'file ending is too long' })
return; return
} }
addTextOnImage(path,await sharp("./images/empty_file.png").toBuffer()).then(buf => { addTextOnImage(
res.set("content-type","image/png") path,
await sharp('./images/empty_file.png').toBuffer()
).then((buf) => {
res.set('content-type', 'image/png')
res.send(buf) res.send(buf)
}) })
/* #swagger.security = [{ /* #swagger.security = [{

92
routes/api/getPosts.js
View File

@ -1,65 +1,67 @@
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
router.get("/api/getPosts", function (req, res) { router.get('/api/getPosts', function (req, res) {
res.set("Access-Control-Allow-Origin", "*"); res.set('Access-Control-Allow-Origin', '*')
if (req.query.channel !== undefined) { if (req.query.channel !== undefined) {
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,User_Avatar,file_0,file_1,file_2,file_3,file_4 from ipost.posts inner join ipost.users on (User_Name = post_user_name) where post_receiver_name = ? group by post_id order by post_id desc limit 30;`; let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,User_Avatar,file_0,file_1,file_2,file_3,file_4 from ipost.posts inner join ipost.users on (User_Name = post_user_name) where post_receiver_name = ? group by post_id order by post_id desc limit 30;`
con.query(sql, [encodeURIComponent(req.query.channel)], function (err, result) { con.query(
if (err) sql,
throw err; [encodeURIComponent(req.query.channel)],
res.json(result); function (err, result) {
}); if (err) throw err
} res.json(result)
else { //fallback }
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4 from ipost.posts where (post_receiver_name is null or post_receiver_name = 'everyone') group by post_id order by post_id desc limit 30;`; )
} else {
//fallback
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4 from ipost.posts where (post_receiver_name is null or post_receiver_name = 'everyone') group by post_id order by post_id desc limit 30;`
con.query(sql, [], function (err, result) { con.query(sql, [], function (err, result) {
if (err) if (err) throw err
throw err; res.json(result)
res.json(result); })
});
} }
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.get("/api/getPostsLowerThan", function (req, res) { router.get('/api/getPostsLowerThan', function (req, res) {
res.set("Access-Control-Allow-Origin", "*"); res.set('Access-Control-Allow-Origin', '*')
if (req.query.channel !== undefined) { if (req.query.channel !== undefined) {
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4 from ipost.posts where ((post_receiver_name = ?) and (post_id < ?)) group by post_id order by post_id desc limit 30;`; let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4 from ipost.posts where ((post_receiver_name = ?) and (post_id < ?)) group by post_id order by post_id desc limit 30;`
con.query(sql, [encodeURIComponent(req.query.channel), req.query.id], function (err, result) { con.query(
if (err) sql,
throw err; [encodeURIComponent(req.query.channel), req.query.id],
res.json(result); function (err, result) {
}); if (err) throw err
} res.json(result)
else { //fallback }
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4 from ipost.posts where ((post_receiver_name is null or post_receiver_name = 'everyone') and (post_id < ?)) group by post_id order by post_id desc limit 30;`; )
} else {
//fallback
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4 from ipost.posts where ((post_receiver_name is null or post_receiver_name = 'everyone') and (post_id < ?)) group by post_id order by post_id desc limit 30;`
con.query(sql, [req.query.id], function (err, result) { con.query(sql, [req.query.id], function (err, result) {
if (err) if (err) throw err
throw err; res.json(result)
res.json(result); })
});
} }
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.get("/api/getPost", function (req, res) { router.get('/api/getPost', function (req, res) {
res.set("Access-Control-Allow-Origin", "*"); res.set('Access-Control-Allow-Origin', '*')
let arg = req.query.id; let arg = req.query.id
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,post_receiver_name,User_Avatar,file_0,file_1,file_2,file_3,file_4 from ipost.posts inner join ipost.users on (User_Name = post_user_name) where post_id=?;`; let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id,post_receiver_name,User_Avatar,file_0,file_1,file_2,file_3,file_4 from ipost.posts inner join ipost.users on (User_Name = post_user_name) where post_id=?;`
con.query(sql, [arg], function (err, result) { con.query(sql, [arg], function (err, result) {
if (err) if (err) throw err
throw err;
if (result[0]) { if (result[0]) {
res.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish res.set('Cache-Control', 'public, max-age=2592000') //cache it for one month-ish
res.json(result[0]); res.json(result[0])
} else {
res.json({ error: 'there is no such post!' })
} }
else { })
res.json({ "error": "there is no such post!" });
}
});
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
} }

28
routes/api/options.js
View File

@ -1,18 +1,18 @@
function allowAllTraffic(router, str, type) { function allowAllTraffic(router, str, type) {
router.options(str, function (req, res, next) { router.options(str, function (req, res, next) {
res.set("Access-Control-Allow-Origin", "test.ipost.rocks"); //we'll allow it for now res.set('Access-Control-Allow-Origin', 'test.ipost.rocks') //we'll allow it for now
res.set("Access-Control-Allow-Methods", type || "GET"); res.set('Access-Control-Allow-Methods', type || 'GET')
res.set("Access-Control-Allow-Headers", "Content-Type"); res.set('Access-Control-Allow-Headers', 'Content-Type')
res.status(200).send(""); res.status(200).send('')
}); })
} }
function setup(router, con, server) { function setup(router, con, server) {
allowAllTraffic(router, "/api/pid"); allowAllTraffic(router, '/api/pid')
allowAllTraffic(router, "/api/post", "POST"); allowAllTraffic(router, '/api/post', 'POST')
allowAllTraffic(router, "/api/getotheruser"); allowAllTraffic(router, '/api/getotheruser')
allowAllTraffic(router, "/api/getPost"); allowAllTraffic(router, '/api/getPost')
allowAllTraffic(router, "/api/getPostsLowerThan"); allowAllTraffic(router, '/api/getPostsLowerThan')
allowAllTraffic(router, "/api/settings"); allowAllTraffic(router, '/api/settings')
allowAllTraffic(router, "/api/settings", "POST"); allowAllTraffic(router, '/api/settings', 'POST')
} }
export { setup }; export { setup }

295
routes/api/post.js
View File

@ -1,218 +1,261 @@
import sharp from "sharp"; import sharp from 'sharp'
import {writeFile} from "fs"; import { writeFile } from 'fs'
const image_types = { const image_types = {
"png":true, png: true,
"jpg":true, jpg: true,
"jpeg":true, jpeg: true,
"webp":true, webp: true,
"jfif":true jfif: true,
} }
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
const PIDS = {}; //[pid]: true/"already_used" const PIDS = {} //[pid]: true/"already_used"
function isNotNull(a) { function isNotNull(a) {
return typeof a !== "undefined" && a !== null return typeof a !== 'undefined' && a !== null
} }
function createPID(){ function createPID() {
let pid = server.genstring(10); //collision chance is low enough, but we'll check anyways let pid = server.genstring(10) //collision chance is low enough, but we'll check anyways
while (PIDS[pid] !== undefined) { while (PIDS[pid] !== undefined) {
pid = server.genstring(10); pid = server.genstring(10)
console.log(5, "pid collision"); console.log(5, 'pid collision')
} }
PIDS[pid] = true; PIDS[pid] = true
setTimeout(function() { setTimeout(function () {
PIDS[pid] = undefined; PIDS[pid] = undefined
}, 40000); }, 40000)
return pid return pid
} }
router.get("/api/pid", function (req, res) { router.get('/api/pid', function (req, res) {
res.set("Access-Control-Allow-Origin", "*"); res.set('Access-Control-Allow-Origin', '*')
res.json({ "pid": createPID() }); res.json({ pid: createPID() })
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
function validateMessage(message) { function validateMessage(message) {
if (!message) { if (!message) {
throw { throw {
statusCode: 410, statusCode: 410,
message: "no message to post" message: 'no message to post',
} }
} }
if ((typeof message) !== "string") { if (typeof message !== 'string') {
throw { throw {
statusCode: 411, statusCode: 411,
message: "no message to post" message: 'no message to post',
} }
} }
if (message.length > 1000) { if (message.length > 1000) {
throw { throw {
statusCode: 416, statusCode: 416,
message: "message too long" message: 'message too long',
} }
} }
message = encodeURIComponent(message.trim()); message = encodeURIComponent(message.trim())
if (message.length > 3000) { if (message.length > 3000) {
throw { throw {
statusCode: 417, statusCode: 417,
message: "message too long" message: 'message too long',
} }
} }
if (!message) { if (!message) {
throw { throw {
statusCode: 418, statusCode: 418,
message: "no message to post" message: 'no message to post',
} }
} //backup check } //backup check
return message return message
} }
function validatePID(pid) { function validatePID(pid) {
if (!pid || typeof pid !== "string") { if (!pid || typeof pid !== 'string') {
throw { throw {
statusCode: 412, statusCode: 412,
message: "no pid given" message: 'no pid given',
} }
} }
if (pid.length !== 10 || PIDS[pid]!==true) { if (pid.length !== 10 || PIDS[pid] !== true) {
throw { throw {
statusCode: 413, statusCode: 413,
message: "invalid pid given" message: 'invalid pid given',
} }
} }
PIDS[pid] = "already_used"; PIDS[pid] = 'already_used'
} }
function validateReplyID(rid) { function validateReplyID(rid) {
let reply_id; let reply_id
if (!rid || rid < 0) { if (!rid || rid < 0) {
reply_id = 0 reply_id = 0
} }
if(typeof rid === "string" && rid !== "") { if (typeof rid === 'string' && rid !== '') {
reply_id = parseInt(rid,10) reply_id = parseInt(rid, 10)
if(isNaN(reply_id)) { if (isNaN(reply_id)) {
throw { throw {
statusCode: 414, statusCode: 414,
message: "no valid reply id given" message: 'no valid reply id given',
} }
} }
} }
if (typeof reply_id !== "number") { if (typeof reply_id !== 'number') {
throw { throw {
statusCode: 415, statusCode: 415,
message: "no valid reply id given" message: 'no valid reply id given',
} //backup case } //backup case
} }
return reply_id return reply_id
} }
function validateReceiver(rec) { function validateReceiver(rec) {
let receiver = encodeURIComponent(rec || ""); let receiver = encodeURIComponent(rec || '')
if (receiver === "") if (receiver === '') receiver = 'everyone'
receiver = "everyone";
return receiver return receiver
} }
router.post("/api/post", async (req, res) => { router.post('/api/post', async (req, res) => {
try { try {
let message = validateMessage(req.body.message); let message = validateMessage(req.body.message)
validatePID(req.body.pid); validatePID(req.body.pid)
let reply_id = validateReplyID(req.body.reply_id); let reply_id = validateReplyID(req.body.reply_id)
let receiver = validateReceiver(req.body.receiver); let receiver = validateReceiver(req.body.receiver)
let __dirname = server.dirname let __dirname = server.dirname
const file_names = ["","","","",""] const file_names = ['', '', '', '', '']
if(isNotNull(req.files)) { if (isNotNull(req.files)) {
for(let file_index=0;file_index<5;file_index++) { for (let file_index = 0; file_index < 5; file_index++) {
if(isNotNull(req.files[`file_${file_index}`])) { if (isNotNull(req.files[`file_${file_index}`])) {
let file = req.files[`file_${file_index}`] let file = req.files[`file_${file_index}`]
const file_id = server.genstring(20) const file_id = server.genstring(20)
const file_name = `${file_id}/${(file.name.substring(0,25)).replace(/\.[^/.]+$/, "")}` const file_name = `${file_id}/${file.name.substring(0, 25).replace(/\.[^/.]+$/, '')}`
let extension = file.name.substring(file.name.lastIndexOf("\.")+1) let extension = file.name.substring(
file_names[file_index]=`${file_name}${(extension in image_types && ".webp") || extension}` file.name.lastIndexOf('\.') + 1
server.ensureExists(`${__dirname}/user_uploads/${file_id}`,undefined,async (err)=>{ )
if(err) { file_names[file_index] =
`${file_name}${(extension in image_types && '.webp') || extension}`
server.ensureExists(
`${__dirname}/user_uploads/${file_id}`,
undefined,
async (err) => {
if (err) {
console.error(err)
return
}
if (extension in image_types) {
writeFile(
`${__dirname}/user_uploads/${file_name}.webp`,
await sharp(file.data)
.webp({ mixed: true, effort: 6 })
.toBuffer(),
(err2) => {
if (err2) console.error(err2)
}
)
server.ensureExists(
`${__dirname}/user_uploads/previews/${file_id}`,
undefined,
async (error) => {
if (error) {
console.error(error)
return
}
writeFile(
`${__dirname}/user_uploads/previews/${file_name}.webp`,
await sharp(file.data)
.resize(100, 100, {
fit: 'inside',
})
.webp({
mixed: true,
effort: 6,
})
.toBuffer(),
(error2) => {
if (error2)
console.error(error2)
}
)
}
)
} else {
file.mv(
`${__dirname}/user_uploads/${file_name}.${extension}`,
(err2) => {
if (err2) console.error(err2)
}
)
}
}
)
}
}
}
let sql = `START TRANSACTION;INSERT INTO ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) VALUES (?,?,?,?,?,?,?,?,?,?,?);SELECT LAST_INSERT_ID() as ID;COMMIT;`
let values = [
encodeURIComponent(res.locals.username),
message,
Date.now(),
receiver,
res.locals.isbot,
reply_id,
...file_names,
]
con.query(sql, values, function (err, result) {
if (err) {
res.status(500)
res.json({ error: "there's been an interal error" })
console.error(err) console.error(err)
return; return
} }
if(extension in image_types) { let post_obj = {
writeFile(`${__dirname}/user_uploads/${file_name}.webp`,await sharp(file.data).webp({mixed:true,effort:6}).toBuffer(),(err2)=>{ post_user_name: encodeURIComponent(res.locals.username),
if(err2)console.error(err2) post_text: req.body.message,
}) post_time: Date.now(),
server.ensureExists(`${__dirname}/user_uploads/previews/${file_id}`,undefined,async (error) => { post_special_text: '',
if(error) { post_receiver_name: req.body.receiver,
console.error(error) post_from_bot: res.locals.isbot,
return; post_reply_id: reply_id,
} user_avatar: res.locals.avatar,
writeFile(`${__dirname}/user_uploads/previews/${file_name}.webp`,await sharp(file.data).resize(100,100,{fit: "inside"}).webp({mixed:true,effort:6}).toBuffer(),(error2)=>{ files: file_names,
if(error2)console.error(error2) post_id: result[0].ID,
}) }
}) let message = {
} else { message: 'new_post',
file.mv(`${__dirname}/user_uploads/${file_name}.${extension}`,(err2)=>{ data: post_obj,
if(err2)console.error(err2) }
}) let messagestr = JSON.stringify(message)
} //console.log(5,server.wss.clients); /* DEBUG: Log websocket clients */
server.wss.clients.forEach(function (ws) {
//console.log(5,ws); /* DEBUG: Log websocket clients */
ws.send(messagestr)
}) })
} res.json({ success: 'successfully posted message' })
} console.log(
} 5,
`posted new message by ${res.locals.username} : ${req.body.message}`
let sql = `START TRANSACTION;INSERT INTO ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) VALUES (?,?,?,?,?,?,?,?,?,?,?);SELECT LAST_INSERT_ID() as ID;COMMIT;`; )
let values = [encodeURIComponent(res.locals.username), message, Date.now(), receiver, res.locals.isbot, reply_id,...file_names]; })
con.query(sql, values, function (err, result) {
if (err){
res.status(500)
res.json({"error":"there's been an interal error"})
console.error(err)
return;
}
let post_obj = {
post_user_name: encodeURIComponent(res.locals.username),
post_text: req.body.message,
post_time: Date.now(),
post_special_text: "",
post_receiver_name: req.body.receiver,
post_from_bot: res.locals.isbot,
post_reply_id: reply_id,
user_avatar: res.locals.avatar,
files: file_names,
post_id: result[0].ID
};
let message = {
message: "new_post",
data: post_obj
};
let messagestr = JSON.stringify(message);
//console.log(5,server.wss.clients); /* DEBUG: Log websocket clients */
server.wss.clients.forEach(function(ws) {
//console.log(5,ws); /* DEBUG: Log websocket clients */
ws.send(messagestr);
});
res.json({ "success": "successfully posted message" });
console.log(5, `posted new message by ${res.locals.username} : ${req.body.message}`);
});
} catch (error) { } catch (error) {
if(error.statusCode) { if (error.statusCode) {
res.status(error.statusCode) res.status(error.statusCode)
res.json({ "error": error.message, "status": error.statusCode }); res.json({ error: error.message, status: error.statusCode })
} else { } else {
console.error("some error: ", error) console.error('some error: ', error)
res.status(500) res.status(500)
res.json({"error":"internal server error", "status": 500}) res.json({ error: 'internal server error', status: 500 })
} }
} }
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
return createPID return createPID
}; }
export default { export default {
setup setup,
}; }

60
routes/api/search.js
View File

@ -1,42 +1,44 @@
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
router.get("/api/search", function (req, res) { router.get('/api/search', function (req, res) {
res.set("Access-Control-Allow-Origin", ""); res.set('Access-Control-Allow-Origin', '')
let type = req.query.type; let type = req.query.type
let arg = encodeURIComponent(req.query.selector); let arg = encodeURIComponent(req.query.selector)
if (type === "user") { if (type === 'user') {
let sql = `select User_Name,User_Bio,User_Avatar from ipost.users where User_Name like ? limit 10;`; let sql = `select User_Name,User_Bio,User_Avatar from ipost.users where User_Name like ? limit 10;`
con.query(sql, [`%${arg}%`], function (err, result) { con.query(sql, [`%${arg}%`], function (err, result) {
if (err) if (err) throw err
throw err;
if (result[0]) { if (result[0]) {
result["message"] = "search has been deprecated as of 11/30/2022" result['message'] =
res.json(result); 'search has been deprecated as of 11/30/2022'
res.json(result)
} else {
res.json({ error: 'there is no such user!' })
} }
else { })
res.json({ "error": "there is no such user!" }); } else if (type === 'post') {
} let sql = `select post_user_name,post_text,post_time,post_special_text,post_id from ipost.posts where post_text like ? and (post_receiver_name is null or post_receiver_name = 'everyone') order by post_id desc limit 20;`
});
}
else if (type === "post") {
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id from ipost.posts where post_text like ? and (post_receiver_name is null or post_receiver_name = 'everyone') order by post_id desc limit 20;`;
con.query(sql, [`%${arg}%`], function (err, result) { con.query(sql, [`%${arg}%`], function (err, result) {
if (err) if (err) throw err
throw err;
if (result[0]) { if (result[0]) {
result["message"] = "search has been deprecated as of 11/30/2022" result['message'] =
res.json(result); 'search has been deprecated as of 11/30/2022'
res.json(result)
} else {
res.json({
error: 'there is no such post!',
message: 'search has been deprecated as of 11/30/2022',
})
} }
else { })
res.json({ "error": "there is no such post!", "message": "search has been deprecated as of 11/30/2022"}); } else {
} res.json({
}); error: 'invalid type passed along, expected `user` or `post`',
} message: 'search has been deprecated as of 11/30/2022',
else { })
res.json({ "error": "invalid type passed along, expected `user` or `post`", "message": "search has been deprecated as of 11/30/2022"});
} }
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
} }

77
routes/api/settingshandler.js
View File

@ -1,60 +1,71 @@
const allowed_settings = { const allowed_settings = {
"ACCR": ["boolean"] ACCR: ['boolean'],
}; }
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
router.get("/api/settings", function (req, res) { router.get('/api/settings', function (req, res) {
res.json(res.locals.settings); res.json(res.locals.settings)
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.post("/api/settings", function (req, res) { router.post('/api/settings', function (req, res) {
if (!req.body.setting) { if (!req.body.setting) {
res.status(410) res.status(410)
res.json({ "error": "no setting to change" }); res.json({ error: 'no setting to change' })
return; return
} }
if ((typeof req.body.setting) !== "string") { if (typeof req.body.setting !== 'string') {
res.status(411) res.status(411)
res.json({ "error": "no setting to change" }); res.json({ error: 'no setting to change' })
return; return
} }
let types = allowed_settings[req.body.setting]; let types = allowed_settings[req.body.setting]
let allowed = false; let allowed = false
let got = typeof req.body.value; let got = typeof req.body.value
for (let index = 0; index < types.length; index++) { for (let index = 0; index < types.length; index++) {
if (types[index] === got) { if (types[index] === got) {
allowed = true; allowed = true
break; break
} }
} }
if (!allowed) { if (!allowed) {
console.log(5, "incorrect type given, received, expected", typeof req.body.value, allowed_settings[req.body.setting]); console.log(
5,
'incorrect type given, received, expected',
typeof req.body.value,
allowed_settings[req.body.setting]
)
res.status(412) res.status(412)
res.json({ "error": "no new setting value given" }); res.json({ error: 'no new setting value given' })
return; return
} }
let setting_to_change = req.body.setting; let setting_to_change = req.body.setting
let setting_new_value = req.body.value; let setting_new_value = req.body.value
res.locals.settings[setting_to_change] = setting_new_value; res.locals.settings[setting_to_change] = setting_new_value
console.log(5, "changing settings", setting_to_change, setting_new_value, res.locals.settings); console.log(
let sql = "update ipost.users set User_Settings=? where User_Name=?"; 5,
let values = [JSON.stringify(res.locals.settings), res.locals.username]; 'changing settings',
setting_to_change,
setting_new_value,
res.locals.settings
)
let sql = 'update ipost.users set User_Settings=? where User_Name=?'
let values = [JSON.stringify(res.locals.settings), res.locals.username]
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) { if (err) {
res.status(500) res.status(500)
res.json({ "status": "error", "code": err }); res.json({ status: 'error', code: err })
return; return
} }
res.json({ "status": "success" }); res.json({ status: 'success' })
}); })
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
}; }
export default { export default {
setup setup,
}; }

413
routes/api/userRoutes.js
View File

@ -1,234 +1,293 @@
import sharp from "sharp" import sharp from 'sharp'
import { ensureExists } from "../../extra_modules/ensureExists.js" import { ensureExists } from '../../extra_modules/ensureExists.js'
import {SHA256} from "../../extra_modules/SHA.js"; import { SHA256 } from '../../extra_modules/SHA.js'
import getIP from "../../extra_modules/getip.js"; import getIP from '../../extra_modules/getip.js'
import {getunsigned} from "../../extra_modules/unsign.js"; import { getunsigned } from '../../extra_modules/unsign.js'
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
const config = server.config const config = server.config
const HASHES_DB = config.cookies.server_hashes; const HASHES_DB = config.cookies.server_hashes
const HASHES_COOKIE = config.cookies.client_hashes; const HASHES_COOKIE = config.cookies.client_hashes
const HASHES_DIFF = HASHES_DB - HASHES_COOKIE; const HASHES_DIFF = HASHES_DB - HASHES_COOKIE
router.post("/api/setavatar", function (req, res) { const __dirname = server.dirname
res.set("Access-Control-Allow-Origin", "");
router.post('/api/setavatar', function (req, res) {
res.set('Access-Control-Allow-Origin', '')
if (!req.files || Object.keys(req.files).length === 0) { if (!req.files || Object.keys(req.files).length === 0) {
return res.status(410).send('No files were uploaded. (req.files)'); return res.status(410).send('No files were uploaded. (req.files)')
} }
let avatar = req.files.avatar; let avatar = req.files.avatar
if (!avatar) { if (!avatar) {
return res.status(411).send('No files were uploaded. (req.files.)'); return res.status(411).send('No files were uploaded. (req.files.)')
} }
const avatars = __dirname + '/avatars/'; const avatars = __dirname + '/avatars/'
ensureExists(avatars, function (err) { ensureExists(avatars, function (err) {
if (err) { if (err) {
return res.status(500).json({ "error": "there's been an internal server error." }); return res
.status(500)
.json({ error: "there's been an internal server error." })
} }
if (res.locals.avatar) { if (res.locals.avatar) {
try { try {
unlinkSync(avatars + res.locals.avatar); unlinkSync(avatars + res.locals.avatar)
} catch(ignored){} } catch (ignored) {}
} }
let filename = genstring(95) + ".webp"; let filename = genstring(95) + '.webp'
while (existsSync(avatars + "/" + filename) || filename === ".webp") { //generate new filename until it's unique while (
filename = genstring(95) + ".webp"; existsSync(avatars + '/' + filename) ||
filename === '.webp'
) {
//generate new filename until it's unique
filename = genstring(95) + '.webp'
} }
sharp(avatar.data).resize({ //resize avatar to 100x100 and convert it to a webp, then store it sharp(avatar.data)
width: 100, .resize({
height: 100 //resize avatar to 100x100 and convert it to a webp, then store it
}).webp({ width: 100,
effort: 6, height: 100,
mixed: true })
}).toBuffer().then(function(data){ .webp({
writeFileSync(avatars + filename,data) effort: 6,
let sql = `update ipost.users set User_Avatar=? where User_Name=?`; mixed: true,
con.query(sql, [filename, encodeURIComponent(res.locals.username)], function (err) { })
if (err) .toBuffer()
throw err; .then(function (data) {
res.json({ "success": "updated avatar" }); writeFileSync(avatars + filename, data)
}); let sql = `update ipost.users set User_Avatar=? where User_Name=?`
}) con.query(
}); sql,
[filename, encodeURIComponent(res.locals.username)],
function (err) {
if (err) throw err
res.json({ success: 'updated avatar' })
}
)
})
})
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.get("/api/getuser", function (_req, res) { router.get('/api/getuser', function (_req, res) {
res.json({ "username": res.locals.username, "bio": res.locals.bio, "avatar": res.locals.avatar, "userid": res.locals.userid }); res.json({
username: res.locals.username,
bio: res.locals.bio,
avatar: res.locals.avatar,
userid: res.locals.userid,
})
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.get("/api/getalluserinformation", function (req, res) { router.get('/api/getalluserinformation', function (req, res) {
res.set("Access-Control-Allow-Origin", ""); //we don't want that here res.set('Access-Control-Allow-Origin', '') //we don't want that here
let unsigned = getunsigned(req, res); //has to be asking for it via the cookie let unsigned = getunsigned(req, res) //has to be asking for it via the cookie
if (!unsigned) if (!unsigned) return
return; unsigned = decodeURIComponent(unsigned)
unsigned = decodeURIComponent(unsigned); let sql = `select * from ipost.users where User_Name=? and User_PW=?;`
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`; let values = unsigned.split(' ')
let values = unsigned.split(" "); values[1] = SHA256(values[1], values[0], HASHES_DIFF)
values[1] = SHA256(values[1], values[0], HASHES_DIFF);
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) if (err) throw err
throw err;
if (result[0]) { if (result[0]) {
res.status(200); res.status(200)
res.json(result[0]); res.json(result[0])
} else {
res.status(402)
res.json({
error: 'you cannot access the api without being logged in',
})
} }
else { })
res.status(402);
res.json({ "error": "you cannot access the api without being logged in" });
}
});
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.get("/api/getotheruser", function (req, res) { router.get('/api/getotheruser', function (req, res) {
res.set("Access-Control-Allow-Origin", "*"); res.set('Access-Control-Allow-Origin', '*')
let username = req.query.user; let username = req.query.user
let sql = `select User_Name,User_Bio,User_Avatar from ipost.users where User_Name=?;`; let sql = `select User_Name,User_Bio,User_Avatar from ipost.users where User_Name=?;`
con.query(sql, [username], function (err, result) { con.query(sql, [username], function (err, result) {
if (err) if (err) throw err
throw err;
if (result[0]) { if (result[0]) {
res.json({ "username": username, "bio": result[0].User_Bio, "avatar": result[0].User_Avatar, "publicKey": result[0].User_PublicKey }); res.json({
username: username,
bio: result[0].User_Bio,
avatar: result[0].User_Avatar,
publicKey: result[0].User_PublicKey,
})
} else {
res.json({ error: 'there is no such user!' })
} }
else { })
res.json({ "error": "there is no such user!" }); })
} router.post('/api/setBio', function (req, res) {
}); res.set('Access-Control-Allow-Origin', '')
}); let bio = req.body.Bio
router.post("/api/setBio", function (req, res) {
res.set("Access-Control-Allow-Origin", "");
let bio = req.body.Bio;
if (!bio) { if (!bio) {
res.status(410); res.status(410)
res.json({ "error": "no bio set!" }); res.json({ error: 'no bio set!' })
return; return
} }
bio = encodeURIComponent(bio); bio = encodeURIComponent(bio)
if (bio.length > 100) { if (bio.length > 100) {
res.status(411); res.status(411)
res.json({ "error": "the bio is too long!" }); res.json({ error: 'the bio is too long!' })
return; return
} }
let sql = `update ipost.users set User_Bio=? where User_Name=?`; let sql = `update ipost.users set User_Bio=? where User_Name=?`
con.query(sql, [bio, encodeURIComponent(res.locals.username)], function (err) { con.query(
if (err) sql,
throw err; [bio, encodeURIComponent(res.locals.username)],
res.json({ "success": "updated bio" }); function (err) {
}); if (err) throw err
res.json({ success: 'updated bio' })
}
)
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.post("/api/changePW", (req, res) => { router.post('/api/changePW', (req, res) => {
res.set("Access-Control-Allow-Origin", ""); res.set('Access-Control-Allow-Origin', '')
if ((typeof req.body.newPW) !== "string") { if (typeof req.body.newPW !== 'string') {
res.json({ "error": "incorrect password" }); res.json({ error: 'incorrect password' })
return; return
} }
if ((typeof req.body.currentPW) !== "string") { if (typeof req.body.currentPW !== 'string') {
res.json({ "error": "incorrect password" }); res.json({ error: 'incorrect password' })
return; return
} }
if (req.body.newPW.length < 10) { if (req.body.newPW.length < 10) {
res.status(410); res.status(410)
res.json({ "error": "password is too short" }); res.json({ error: 'password is too short' })
return; return
} }
let hashed_pw = SHA256(req.body.currentPW, res.locals.username, HASHES_DB); let hashed_pw = SHA256(
let hashed_new_pw = SHA256(req.body.newPW, res.locals.username, HASHES_DB); req.body.currentPW,
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`; res.locals.username,
let values = [res.locals.username, hashed_pw]; HASHES_DB
)
let hashed_new_pw = SHA256(
req.body.newPW,
res.locals.username,
HASHES_DB
)
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`
let values = [res.locals.username, hashed_pw]
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) if (err) throw err
throw err;
if (result[0]) { if (result[0]) {
let sql = `update ipost.users set User_PW=? where User_Name=? and User_PW=?;`; let sql = `update ipost.users set User_PW=? where User_Name=? and User_PW=?;`
let values = [hashed_new_pw, res.locals.username, hashed_pw]; let values = [hashed_new_pw, res.locals.username, hashed_pw]
con.query(sql, values, (err2) => { con.query(sql, values, (err2) => {
if (err2) if (err2) throw err2
throw err2; let ip = getIP(req)
let ip = getIP(req);
let setTo = `${res.locals.username} ${SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE)}` let setTo = `${res.locals.username} ${SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE)}`
let cookiesigned = signature.sign(setTo, cookiesecret + ip); let cookiesigned = signature.sign(setTo, cookiesecret + ip)
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: true }); res.cookie('AUTH_COOKIE', cookiesigned, {
res.json({ "success": "successfully changed password" }); maxAge: Math.pow(10, 10),
}); httpOnly: true,
secure: true,
})
res.json({ success: 'successfully changed password' })
})
} else {
res.json({ error: 'invalid password' })
} }
else { })
res.json({ "error": "invalid password" });
}
});
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
router.post("/api/changeUsername", function (req, res) { router.post('/api/changeUsername', function (req, res) {
res.set("Access-Control-Allow-Origin", ""); res.set('Access-Control-Allow-Origin', '')
if ((typeof req.body.newUsername) !== "string") { if (typeof req.body.newUsername !== 'string') {
res.status(410); res.status(410)
res.json({ "error": "incorrect username" }); res.json({ error: 'incorrect username' })
return; return
} }
if ((typeof req.body.currentPW) !== "string") { if (typeof req.body.currentPW !== 'string') {
res.status(411); res.status(411)
res.json({ "error": "incorrect password" }); res.json({ error: 'incorrect password' })
return; return
} }
if (req.body.newUsername.length > 100) { if (req.body.newUsername.length > 100) {
res.status(412); res.status(412)
res.json({ "error": "username is too long" }); res.json({ error: 'username is too long' })
return; return
} }
if (req.body.newUsername === res.locals.username) { if (req.body.newUsername === res.locals.username) {
res.status(413); res.status(413)
res.json({ "error": "username can't be the current one" }); res.json({ error: "username can't be the current one" })
return; return
} }
let hashed_pw = SHA256(req.body.currentPW, res.locals.username, HASHES_DB); let hashed_pw = SHA256(
let hashed_new_pw = SHA256(req.body.currentPW, req.body.newUsername, HASHES_DB); req.body.currentPW,
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`; //check if pw is correct res.locals.username,
let values = [res.locals.username,hashed_pw]; HASHES_DB
)
let hashed_new_pw = SHA256(
req.body.currentPW,
req.body.newUsername,
HASHES_DB
)
let sql = `select * from ipost.users where User_Name=? and User_PW=?;` //check if pw is correct
let values = [res.locals.username, hashed_pw]
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) if (err) throw err
throw err;
if (result[0]) { if (result[0]) {
let sql = `select * from ipost.users where User_Name=?;`; //check if newUsername isn't already used let sql = `select * from ipost.users where User_Name=?;` //check if newUsername isn't already used
let values = [req.body.newUsername]; let values = [req.body.newUsername]
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) if (err) throw err
throw err;
if (result[0]) { if (result[0]) {
res.json({ "error": "user with that username already exists" }); res.json({
return; error: 'user with that username already exists',
})
return
} }
let sql = `update ipost.users set User_PW=?,User_Name=? where User_Name=? and User_PW=?;`; //change username in users let sql = `update ipost.users set User_PW=?,User_Name=? where User_Name=? and User_PW=?;` //change username in users
let values = [hashed_new_pw, req.body.newUsername, res.locals.username, hashed_pw]; let values = [
hashed_new_pw,
req.body.newUsername,
res.locals.username,
hashed_pw,
]
con.query(sql, values, function (err) { con.query(sql, values, function (err) {
if (err) if (err) throw err
throw err; let ip = getIP(req)
let ip = getIP(req);
let setTo = `${req.body.newUsername} ${SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE)}` let setTo = `${req.body.newUsername} ${SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE)}`
let cookiesigned = signature.sign(setTo, cookiesecret + ip); let cookiesigned = signature.sign(
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: true }); setTo,
cookiesecret + ip
)
res.cookie('AUTH_COOKIE', cookiesigned, {
maxAge: Math.pow(10, 10),
httpOnly: true,
secure: true,
})
//updated username in the users table, but not yet on posts //updated username in the users table, but not yet on posts
//TODO: update username on dms //TODO: update username on dms
let sql = `update ipost.posts set post_user_name=? where post_user_name=?;`; //change username of every past post sent let sql = `update ipost.posts set post_user_name=? where post_user_name=?;` //change username of every past post sent
let values = [req.body.newUsername, res.locals.username, hashed_pw]; let values = [
req.body.newUsername,
res.locals.username,
hashed_pw,
]
con.query(sql, values, () => { con.query(sql, values, () => {
res.json({ "success": "successfully changed username" }); //done res.json({
}); success: 'successfully changed username',
}); }) //done
}); })
})
})
} else {
res.json({ error: 'invalid password' })
} }
else { })
res.json({ "error": "invalid password" });
}
});
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
} }

155
routes/authorize.js
View File

@ -1,59 +1,72 @@
import {randomBytes} from "crypto" import { randomBytes } from 'crypto'
import {SHA256} from "../extra_modules/SHA.js"; import { SHA256 } from '../extra_modules/SHA.js'
import {unsign} from "../extra_modules/unsign.js"; import { unsign } from '../extra_modules/unsign.js'
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
const temp_code_to_token = {} const temp_code_to_token = {}
router.post("/authorize",async (req,res) => { router.post('/authorize', async (req, res) => {
if (!unsign(req.cookies.AUTH_COOKIE, req, res)){ if (!unsign(req.cookies.AUTH_COOKIE, req, res)) {
return return
} }
let data = await server.hcaptcha.verify(req.body["h-captcha-response"]) let data = await server.hcaptcha.verify(req.body['h-captcha-response'])
if(data.success) {
if (data.success) {
let appid = req.body.application_id let appid = req.body.application_id
if(typeof appid === "string") { if (typeof appid === 'string') {
appid = Number(appid) appid = Number(appid)
} }
if(typeof appid === "number") { if (typeof appid === 'number') {
const token = randomBytes(150).toString('base64')
const token = randomBytes(150).toString("base64") let tokencode
while (
let tokencode; tokencode === undefined ||
while(tokencode===undefined || temp_code_to_token[tokencode]!==undefined) { temp_code_to_token[tokencode] !== undefined
tokencode = randomBytes(15).toString("base64").replaceAll("/","f").replaceAll("+","A") //"/" and "+" may break some apps ) {
tokencode = randomBytes(15)
.toString('base64')
.replaceAll('/', 'f')
.replaceAll('+', 'A') //"/" and "+" may break some apps
} }
temp_code_to_token[tokencode]={ temp_code_to_token[tokencode] = {
"userid":res.locals.userid, userid: res.locals.userid,
"appid":appid, appid: appid,
"token":token token: token,
} }
setTimeout(() => { setTimeout(
let data = temp_code_to_token[tokencode] () => {
if(data !== undefined && data.token===token && data.appid === appid && data.userid === res.locals.userid) { let data = temp_code_to_token[tokencode]
temp_code_to_token[tokencode]=undefined if (
} data !== undefined &&
}, 1000*60*5); data.token === token &&
data.appid === appid &&
data.userid === res.locals.userid
) {
temp_code_to_token[tokencode] = undefined
}
},
1000 * 60 * 5
)
const sql = "SELECT application_auth_url FROM ipost.application where application_id=?" const sql =
'SELECT application_auth_url FROM ipost.application where application_id=?'
con.query(sql,[appid],(err,result) => { con.query(sql, [appid], (err, result) => {
if(err || result.length !== 1) { if (err || result.length !== 1) {
console.err(err) console.err(err)
res.redirect(`/authorize?id=${req.body.application_id}`) res.redirect(`/authorize?id=${req.body.application_id}`)
return return
} }
let extra = "" let extra = ''
if(req.body.application_extra !== "") { if (req.body.application_extra !== '') {
extra = "&extra="+String(req.body.application_extra) extra = '&extra=' + String(req.body.application_extra)
} }
res.redirect(`${result[0].application_auth_url}?code=${tokencode}${extra}`) res.redirect(
`${result[0].application_auth_url}?code=${tokencode}${extra}`
)
}) })
return return
} }
} }
@ -65,68 +78,76 @@ export const setup = function (router, con, server) {
}] */ }] */
}) })
router.post("/redeemauthcode", (req,res) => { router.post('/redeemauthcode', (req, res) => {
if (temp_code_to_token[req.body.authcode] === undefined) {
if(temp_code_to_token[req.body.authcode]===undefined) {
res.status(400) res.status(400)
res.json({"status":400,"message":"invalid code given"}) res.json({ status: 400, message: 'invalid code given' })
return return
} }
if(typeof req.body.auth === "string") { if (typeof req.body.auth === 'string') {
try{ try {
req.body.auth = JSON.parse(req.body.auth) req.body.auth = JSON.parse(req.body.auth)
} catch(err) { } catch (err) {
console.log("error parsing",err) console.log('error parsing', err)
} }
} }
if( if (
typeof req.body.auth !== "object" || typeof req.body.auth !== 'object' ||
typeof req.body.auth.secret !== "string" || typeof req.body.auth.secret !== 'string' ||
typeof req.body.auth.appid !== "number" || typeof req.body.auth.appid !== 'number' ||
req.body.auth.secret.length !== 200 || req.body.auth.secret.length !== 200 ||
Buffer.from(req.body.auth.secret,"base64").length !== 150 || Buffer.from(req.body.auth.secret, 'base64').length !== 150 ||
req.body.auth.appid !== temp_code_to_token[req.body.authcode].appid req.body.auth.appid !== temp_code_to_token[req.body.authcode].appid
) { ) {
//console.log(1,req.body.auth,temp_code_to_token[req.body.authcode].appid) //console.log(1,req.body.auth,temp_code_to_token[req.body.authcode].appid)
res.status(420).send("invalid authentication object") res.status(420).send('invalid authentication object')
return; return
} }
const appid = req.body.auth.appid const appid = req.body.auth.appid
const checksecret = SHA256(req.body.auth.secret,appid,10000) const checksecret = SHA256(req.body.auth.secret, appid, 10000)
const checksql = "SELECT application_id from ipost.application where application_secret=? and application_id=?" const checksql =
const checkvalues = [checksecret,appid] 'SELECT application_id from ipost.application where application_secret=? and application_id=?'
const checkvalues = [checksecret, appid]
con.query(checksql,checkvalues,(error,result_object) => { con.query(checksql, checkvalues, (error, result_object) => {
if (
if(error || result_object[0]===undefined || result_object[0].application_id!==appid) { error ||
result_object[0] === undefined ||
result_object[0].application_id !== appid
) {
res.status(400) res.status(400)
res.json({"status":400,"message":"invalid code given"}) res.json({ status: 400, message: 'invalid code given' })
return return
} }
let data = temp_code_to_token[req.body.authcode] let data = temp_code_to_token[req.body.authcode]
temp_code_to_token[req.body.authcode] = undefined temp_code_to_token[req.body.authcode] = undefined
const sql =
'INSERT INTO `ipost`.`auth_tokens`(`auth_token`,`auth_token_u_id`,`auth_token_isfrom_application_id`) VALUES(?,?,?);'
const sql = "INSERT INTO `ipost`.`auth_tokens`(`auth_token`,`auth_token_u_id`,`auth_token_isfrom_application_id`) VALUES(?,?,?);" const values = [
SHA256(data.token, appid, 10000),
const values = [SHA256(data.token,appid,10000),data.userid,data.appid] //token,id,appid data.userid,
con.query(sql,values,(err,result) => { data.appid,
if(err) { ] //token,id,appid
res.json({"status":500,"message":"error redeeming code"}) con.query(sql, values, (err, result) => {
if (err) {
res.json({ status: 500, message: 'error redeeming code' })
console.err(err) console.err(err)
} else { } else {
res.json({"status":200,"message":"successfully redeemed code","token":data.token}) res.json({
status: 200,
message: 'successfully redeemed code',
token: data.token,
})
} }
}) })
}) })
}) })
/* #swagger.security = [{ /* #swagger.security = [{

15
routes/logout.js
View File

@ -1,10 +1,13 @@
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
const increaseUSERCall = server.increaseUSERCall const increaseUSERCall = server.increaseUSERCall
router.get("/logout", function (req, res) { router.get('/logout', function (req, res) {
if (!increaseUSERCall(req, res))return; if (!increaseUSERCall(req, res)) return
res.cookie("AUTH_COOKIE", "", { maxAge: 0, httpOnly: true, secure: true }); res.cookie('AUTH_COOKIE', '', {
res.redirect("/"); maxAge: 0,
}); httpOnly: true,
secure: true,
})
res.redirect('/')
})
} }

111
routes/serve_static_files.js
View File

@ -1,74 +1,73 @@
import {existsSync} from "fs" import { existsSync } from 'fs'
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
const increaseUSERCall = server.increaseUSERCall const increaseUSERCall = server.increaseUSERCall
const __dirname = server.dirname const __dirname = server.dirname
const dir = __dirname + "/" const dir = __dirname + '/'
router.get("/users/:user", function (req, res) { router.get('/users/:user', function (req, res) {
if (!increaseUSERCall(req, res)) if (!increaseUSERCall(req, res)) return
return; res.sendFile(dir + 'views/otheruser.html')
res.sendFile(dir + "views/otheruser.html"); })
}); router.get('/css/:file', (request, response) => {
router.get("/css/:file", (request, response) => { if (!increaseUSERCall(request, response)) return
if (!increaseUSERCall(request, response))
return;
if (existsSync(`${__dirname}/css/${request.params.file}`)) { if (existsSync(`${__dirname}/css/${request.params.file}`)) {
response.sendFile(`${__dirname}/css/${request.params.file}`); response.sendFile(`${__dirname}/css/${request.params.file}`)
} else {
response.status(404).send('no file with that name found')
} }
else { return
response.status(404).send("no file with that name found"); })
} router.get('/js/:file', (request, response) => {
return; if (!increaseUSERCall(request, response)) return
});
router.get("/js/:file", (request, response) => {
if (!increaseUSERCall(request, response))
return;
if (existsSync(`${__dirname}/js/${request.params.file}`)) { if (existsSync(`${__dirname}/js/${request.params.file}`)) {
response.sendFile(`${__dirname}/js/${request.params.file}`); response.sendFile(`${__dirname}/js/${request.params.file}`)
} else {
response.status(404).send('no file with that name found')
} }
else { return
response.status(404).send("no file with that name found"); })
} router.get('/images/:file', (request, response) => {
return; if (!increaseUSERCall(request, response)) return
});
router.get("/images/:file", (request, response) => {
if (!increaseUSERCall(request, response))
return;
if (existsSync(`${__dirname}/images/${request.params.file}`)) { if (existsSync(`${__dirname}/images/${request.params.file}`)) {
response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish response.set('Cache-Control', 'public, max-age=2592000') //cache it for one month-ish
response.sendFile(`${__dirname}/images/${request.params.file}`); response.sendFile(`${__dirname}/images/${request.params.file}`)
} else if (
existsSync(
`${__dirname}/images/${request.params.file.toLowerCase()}`
)
) {
response.set('Cache-Control', 'public, max-age=2592000') //cache it for one month-ish
response.sendFile(
`${__dirname}/images/${request.params.file.toLowerCase()}`
)
} else {
response.status(404).send('no file with that name found')
} }
else if(existsSync(`${__dirname}/images/${request.params.file.toLowerCase()}`)){ return
response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish })
response.sendFile(`${__dirname}/images/${request.params.file.toLowerCase()}`);
}
else {
response.status(404).send("no file with that name found");
}
return;
});
router.get("/user_uploads/:file", (request, response) => { router.get('/user_uploads/:file', (request, response) => {
if (!increaseUSERCall(request, response)) if (!increaseUSERCall(request, response)) return
return;
if (existsSync(`${__dirname}/user_uploads/${request.params.file}`)) { if (existsSync(`${__dirname}/user_uploads/${request.params.file}`)) {
response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish response.set('Cache-Control', 'public, max-age=2592000') //cache it for one month-ish
response.sendFile(`${__dirname}/user_uploads/${request.params.file}`); response.sendFile(
`${__dirname}/user_uploads/${request.params.file}`
)
} else {
response.status(404).send('no file with that name found')
} }
else { return
response.status(404).send("no file with that name found"); })
}
return;
});
router.get("/avatars/:avatar", (request, response) => { router.get('/avatars/:avatar', (request, response) => {
if (!increaseUSERCall(request, response)) if (!increaseUSERCall(request, response)) return
return; response.set('Cache-Control', 'public, max-age=2592000') //cache it for one month-ish
response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish
if (existsSync(`${__dirname}/avatars/${request.params.avatar}`)) { if (existsSync(`${__dirname}/avatars/${request.params.avatar}`)) {
return response.sendFile(`${__dirname}/avatars/${request.params.avatar}`); return response.sendFile(
`${__dirname}/avatars/${request.params.avatar}`
)
} }
response.status(404).send("No avatar with that name found"); response.status(404).send('No avatar with that name found')
}); })
} }

37
routes/setup_all_routes.js
View File

@ -1,29 +1,28 @@
import { setup as optionssetup } from "./api/options.js"; import { setup as optionssetup } from './api/options.js'
import { setup as allsetup } from "./api/all.js"; import { setup as allsetup } from './api/all.js'
import { setup as settingshandlersetup } from "./api/settingshandler.js"; import { setup as settingshandlersetup } from './api/settingshandler.js'
import { setup as postsetup } from "./api/post.js"; import { setup as postsetup } from './api/post.js'
import { setup as dmsPersonalMessagessetup } from "./api/dms/PersonalMessages.js"; import { setup as dmsPersonalMessagessetup } from './api/dms/PersonalMessages.js'
import { setup as dmspostsetup } from "./api/dms/post.js"; import { setup as dmspostsetup } from './api/dms/post.js'
import { setup as fileiconsetup } from "./api/getFileIcon.js"; import { setup as fileiconsetup } from './api/getFileIcon.js'
import { setup as searchsetup } from "./api/search.js"; import { setup as searchsetup } from './api/search.js'
import { setup as getpostssetup } from "./api/getPosts.js"; import { setup as getpostssetup } from './api/getPosts.js'
import { setup as userroutessetup } from "./api/userRoutes.js"; import { setup as userroutessetup } from './api/userRoutes.js'
import { setup as servefilessetup} from "./serve_static_files.js" import { setup as servefilessetup } from './serve_static_files.js'
import { setup as userfilessetup} from "./userfiles.js" import { setup as userfilessetup } from './userfiles.js'
import { setup as userauthsetup} from "./user_auth.js" import { setup as userauthsetup } from './user_auth.js'
import { setup as applicationsetup} from "./authorize.js" import { setup as applicationsetup } from './authorize.js'
import { setup as logoutsetup} from "./logout.js" import { setup as logoutsetup } from './logout.js'
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
const setuproute = handler => handler(router,con,server) const setuproute = (handler) => handler(router, con, server)
setuproute(optionssetup) setuproute(optionssetup)
setuproute(allsetup) setuproute(allsetup)
setuproute(settingshandlersetup) setuproute(settingshandlersetup)
const get_pid = setuproute(postsetup); const get_pid = setuproute(postsetup)
setuproute(dmsPersonalMessagessetup) setuproute(dmsPersonalMessagessetup)
const get_dmpid = setuproute(dmspostsetup); const get_dmpid = setuproute(dmspostsetup)
setuproute(fileiconsetup) setuproute(fileiconsetup)
setuproute(searchsetup) setuproute(searchsetup)
setuproute(getpostssetup) setuproute(getpostssetup)

290
routes/user_auth.js
View File

@ -1,172 +1,200 @@
import {SHA256} from "../extra_modules/SHA.js"; import { SHA256 } from '../extra_modules/SHA.js'
import * as signature from "cookie-signature"; import * as signature from 'cookie-signature'
import getIP from "../extra_modules/getip.js"; import getIP from '../extra_modules/getip.js'
import {readFileSync} from "fs" import { readFileSync } from 'fs'
const cookiesecret = readFileSync("cookiesecret.txt").toString(); const cookiesecret = readFileSync('cookiesecret.txt').toString()
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
const config = server.config const config = server.config
const DID_I_FINALLY_ADD_HTTPS = server.DID_I_FINALLY_ADD_HTTPS const DID_I_FINALLY_ADD_HTTPS = server.DID_I_FINALLY_ADD_HTTPS
const increaseAPICall = server.increaseAPICall const increaseAPICall = server.increaseAPICall
const HASHES_DB = config.cookies.server_hashes; const HASHES_DB = config.cookies.server_hashes
const HASHES_COOKIE = config.cookies.client_hashes; const HASHES_COOKIE = config.cookies.client_hashes
const HASHES_DIFF = HASHES_DB - HASHES_COOKIE; const HASHES_DIFF = HASHES_DB - HASHES_COOKIE
router.post("/register", function (req, res) { router.post('/register', function (req, res) {
for (let i = 0; i < 10; i++) { //don't want people spam registering for (let i = 0; i < 10; i++) {
if (!increaseAPICall(req, res)) //don't want people spam registering
return; if (!increaseAPICall(req, res)) return
} }
res.status(200); res.status(200)
if ((typeof req.body.user) !== "string") { if (typeof req.body.user !== 'string') {
res.status(416); res.status(416)
res.json({ "error": "incorrect username" }); res.json({ error: 'incorrect username' })
return; return
} }
if ((typeof req.body.pass) !== "string") { if (typeof req.body.pass !== 'string') {
res.status(417); res.status(417)
res.json({ "error": "incorrect password" }); res.json({ error: 'incorrect password' })
return; return
} }
let username = req.body.user.toString(); let username = req.body.user.toString()
username = username.replace(/\s/gi, ""); username = username.replace(/\s/gi, '')
let password = req.body.pass.toString(); let password = req.body.pass.toString()
if (!username) { if (!username) {
res.status(410); res.status(410)
res.redirect("/register?success=false&reason=username"); res.redirect('/register?success=false&reason=username')
return; return
} }
if (username === "") { if (username === '') {
res.status(411); res.status(411)
res.redirect("/register?success=false&reason=username"); res.redirect('/register?success=false&reason=username')
return; return
} }
if (password.length < 10) { if (password.length < 10) {
res.status(412); res.status(412)
res.send("password is too short"); res.send('password is too short')
return; return
} }
if (username.length > 25) { if (username.length > 25) {
res.status(413); res.status(413)
res.send("username is too long"); res.send('username is too long')
return; return
} }
if (username.search("@") !== -1) { if (username.search('@') !== -1) {
res.status(414); res.status(414)
res.send("username can't contain @-characters"); res.send("username can't contain @-characters")
return; return
} }
if (!password) { if (!password) {
res.status(415); res.status(415)
res.redirect("/register?success=false&reason=password"); res.redirect('/register?success=false&reason=password')
return; return
} }
let userexistssql = `SELECT User_Name from ipost.users where User_Name = ?`; let userexistssql = `SELECT User_Name from ipost.users where User_Name = ?`
con.query(userexistssql, [encodeURIComponent(username)], function (_error, result) { con.query(
if (result && result[0] && result[0].User_Name) { userexistssql,
res.status(418); [encodeURIComponent(username)],
res.redirect("/register?success=false&reason=already_exists"); function (_error, result) {
return; if (result && result[0] && result[0].User_Name) {
} res.status(418)
let less_hashed_pw = SHA256(password, username, HASHES_DIFF); res.redirect(
let hashed_pw = SHA256(less_hashed_pw, username, HASHES_COOKIE); '/register?success=false&reason=already_exists'
let ip = getIP(req); )
let setTo = `${username} ${SHA256(password, username, HASHES_COOKIE)}` return
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
ip = SHA256(ip, setTo, HASHES_DB);
const default_settings = {};
let values = [encodeURIComponent(username), hashed_pw, Date.now(), ip, ip, JSON.stringify(default_settings)];
let sql = `INSERT INTO ipost.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP, User_Settings) VALUES (?, ?, ?, ?, ?, ?);`;
con.query(sql, values, function (err) {
if (err)
throw err;
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
if(req.body.r !== undefined) {
res.redirect(decodeURIComponent(req.body.r))
} else {
res.redirect("/user");
} }
}); let less_hashed_pw = SHA256(password, username, HASHES_DIFF)
}); let hashed_pw = SHA256(less_hashed_pw, username, HASHES_COOKIE)
}); let ip = getIP(req)
router.post("/login", function (req, res) { let setTo = `${username} ${SHA256(password, username, HASHES_COOKIE)}`
if (!increaseAPICall(req, res)) let cookiesigned = signature.sign(setTo, cookiesecret + ip)
return; ip = SHA256(ip, setTo, HASHES_DB)
if ((typeof req.body.user) !== "string") { const default_settings = {}
res.status(416); let values = [
res.json({ "error": "incorrect username" }); encodeURIComponent(username),
return; hashed_pw,
Date.now(),
ip,
ip,
JSON.stringify(default_settings),
]
let sql = `INSERT INTO ipost.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP, User_Settings) VALUES (?, ?, ?, ?, ?, ?);`
con.query(sql, values, function (err) {
if (err) throw err
res.cookie('AUTH_COOKIE', cookiesigned, {
maxAge: Math.pow(10, 10),
httpOnly: true,
secure: DID_I_FINALLY_ADD_HTTPS,
})
if (req.body.r !== undefined) {
res.redirect(decodeURIComponent(req.body.r))
} else {
res.redirect('/user')
}
})
}
)
})
router.post('/login', function (req, res) {
if (!increaseAPICall(req, res)) return
if (typeof req.body.user !== 'string') {
res.status(416)
res.json({ error: 'incorrect username' })
return
} }
if ((typeof req.body.pass) !== "string") { if (typeof req.body.pass !== 'string') {
res.status(417); res.status(417)
res.json({ "error": "incorrect password" }); res.json({ error: 'incorrect password' })
return; return
} }
if (!req.body.user) { if (!req.body.user) {
res.status(410); res.status(410)
res.send("no username given"); res.send('no username given')
return; return
} }
if (!req.body.pass) { if (!req.body.pass) {
res.status(411); res.status(411)
res.send("no password given"); res.send('no password given')
return; return
} }
let username = req.body.user.toString(); let username = req.body.user.toString()
username = username.replace(" ", ""); username = username.replace(' ', '')
let password = req.body.pass.toString(); let password = req.body.pass.toString()
if (!username) { if (!username) {
res.status(412); res.status(412)
res.send("no username given"); res.send('no username given')
return; return
} }
if (username.length > 25) { if (username.length > 25) {
res.status(413); res.status(413)
res.send("username is too long"); res.send('username is too long')
return; return
} }
if (password.length < 10) { if (password.length < 10) {
res.status(414); res.status(414)
res.send("password is too short"); res.send('password is too short')
return; return
} }
if (!password) { if (!password) {
res.status(415); res.status(415)
res.send("no password given"); res.send('no password given')
return; return
} }
const no_ip_lock = username.endsWith("@unsafe") const no_ip_lock = username.endsWith('@unsafe')
username = username.replace("@unsafe","") username = username.replace('@unsafe', '')
let less_hashed_pw = SHA256(password, username, HASHES_DIFF); let less_hashed_pw = SHA256(password, username, HASHES_DIFF)
let hashed_pw = SHA256(less_hashed_pw, username, HASHES_COOKIE); let hashed_pw = SHA256(less_hashed_pw, username, HASHES_COOKIE)
let userexistssql = `SELECT * from ipost.users where User_Name = ? and User_PW = ?;`; let userexistssql = `SELECT * from ipost.users where User_Name = ? and User_PW = ?;`
con.query(userexistssql, [encodeURIComponent(username), hashed_pw], function (_error, result) { con.query(
if (result && result[0]) { userexistssql,
let ip = getIP(req); [encodeURIComponent(username), hashed_pw],
let setTo = `${username} ${SHA256(password, username, HASHES_COOKIE)}` function (_error, result) {
let cookiesigned = signature.sign(setTo, cookiesecret + (!no_ip_lock ? ip : "")); if (result && result[0]) {
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS }); let ip = getIP(req)
ip = SHA256(ip, setTo, HASHES_DB); let setTo = `${username} ${SHA256(password, username, HASHES_COOKIE)}`
if (result[0].User_LastIP !== ip) { let cookiesigned = signature.sign(
let sql = `update ipost.users set User_LastIP = ? where User_Name = ?;`; setTo,
con.query(sql, [ip, encodeURIComponent(username)], function (error) { cookiesecret + (!no_ip_lock ? ip : '')
if (error) )
throw error; res.cookie('AUTH_COOKIE', cookiesigned, {
}); maxAge: Math.pow(10, 10),
} httpOnly: true,
if(req.body.r !== undefined) { secure: DID_I_FINALLY_ADD_HTTPS,
res.redirect(decodeURIComponent(req.body.r)) })
ip = SHA256(ip, setTo, HASHES_DB)
if (result[0].User_LastIP !== ip) {
let sql = `update ipost.users set User_LastIP = ? where User_Name = ?;`
con.query(
sql,
[ip, encodeURIComponent(username)],
function (error) {
if (error) throw error
}
)
}
if (req.body.r !== undefined) {
res.redirect(decodeURIComponent(req.body.r))
} else {
res.redirect('/user')
}
} else { } else {
res.redirect("/user"); console.log(5, 'login failed, username: ', username)
res.redirect('/login?success=false?reason=noUser')
} }
} }
else { )
console.log(5,"login failed, username: ", username); })
res.redirect("/login?success=false?reason=noUser");
}
});
});
} }

243
routes/userfiles.js
View File

@ -1,15 +1,14 @@
import ejs from "ejs" import ejs from 'ejs'
import { LRUCache as LRU } from "lru-cache" import { LRUCache as LRU } from 'lru-cache'
import { minify as min_js } from "uglify-js" import { minify as min_js } from 'uglify-js'
import Clean from 'clean-css'; import Clean from 'clean-css'
import Minifier from 'html-minifier-terser'; import Minifier from 'html-minifier-terser'
import { web_version } from "unsafe_encrypt"; import { web_version } from 'unsafe_encrypt'
import { existsSync, readFileSync, readFile } from "fs" import { existsSync, readFileSync, readFile } from 'fs'
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
const increaseUSERCall = server.increaseUSERCall const increaseUSERCall = server.increaseUSERCall
const dir = server.dirname + "/" const dir = server.dirname + '/'
ejs.cache = new LRU({ max: 20 }) ejs.cache = new LRU({ max: 20 })
@ -22,47 +21,47 @@ export const setup = function (router, con, server) {
ttl: 1000 * 60, ttl: 1000 * 60,
allowStale: true, allowStale: true,
updateAgeOnGet: true, updateAgeOnGet: true,
updateAgeOnHas: true updateAgeOnHas: true,
}) })
function load_var(filePath) { function load_var(filePath) {
if (load_var_cache.has(filePath)) { if (load_var_cache.has(filePath)) {
return load_var_cache.get(filePath); return load_var_cache.get(filePath)
} }
if (!existsSync(filePath)) { if (!existsSync(filePath)) {
console.log(1, 'Tried loading non-existent file', filePath); console.log(1, 'Tried loading non-existent file', filePath)
load_var_cache.set(filePath, ''); load_var_cache.set(filePath, '')
return ''; return ''
} }
let output = readFileSync(filePath); let output = readFileSync(filePath)
if (filePath.endsWith('.js')) { if (filePath.endsWith('.js')) {
output = min_js(output.toString()).code; output = min_js(output.toString()).code
} else if (filePath.endsWith('.css')) { } else if (filePath.endsWith('.css')) {
const { styles } = new Clean({}).minify(output.toString()); const { styles } = new Clean({}).minify(output.toString())
output = styles; output = styles
} }
load_var_cache.set(filePath, output); load_var_cache.set(filePath, output)
return output; return output
} }
function get_channels() { function get_channels() {
return new Promise(function (resolve, reject) { return new Promise(function (resolve, reject) {
let sql = `select post_receiver_name from ipost.posts where post_is_private = '0' group by post_receiver_name;`; let sql = `select post_receiver_name from ipost.posts where post_is_private = '0' group by post_receiver_name;`
con.query(sql, [], function (err, result) { con.query(sql, [], function (err, result) {
if (err) reject(err) if (err) reject(err)
let out = [] let out = []
for (let channel of result) { for (let channel of result) {
if (channel.post_receiver_name === "") continue; if (channel.post_receiver_name === '') continue
out[out.length] = channel.post_receiver_name out[out.length] = channel.post_receiver_name
} }
resolve(out) resolve(out)
}); })
}) })
} }
@ -78,52 +77,55 @@ export const setup = function (router, con, server) {
res(appId_Cache.get(appid) || {}) res(appId_Cache.get(appid) || {})
return return
} }
con.query("SELECT * FROM ipost.application WHERE application_id=?", [appid], (err, result) => { con.query(
if (err) { 'SELECT * FROM ipost.application WHERE application_id=?',
console.error(err) [appid],
rej({}) (err, result) => {
return if (err) {
console.error(err)
rej({})
return
}
appId_Cache.set(appid, result[0])
res(result[0] || {})
} }
appId_Cache.set(appid, result[0]) )
res(result[0] || {})
})
}) })
} }
let global_page_variables = { let global_page_variables = {
globalcss: load_var("./css/global.css"), globalcss: load_var('./css/global.css'),
httppostjs: load_var("./js/httppost.js"), httppostjs: load_var('./js/httppost.js'),
navbar: load_var("./extra_modules/navbar.html"), navbar: load_var('./extra_modules/navbar.html'),
markdownjs: load_var("./js/markdown.js"), markdownjs: load_var('./js/markdown.js'),
htmlescapejs: load_var("./js/htmlescape.js"), htmlescapejs: load_var('./js/htmlescape.js'),
warnmessagejs: load_var("./js/warn_message.js"), warnmessagejs: load_var('./js/warn_message.js'),
loadfile: load_var, loadfile: load_var,
getChannels: get_channels, getChannels: get_channels,
encryptJS: min_js(web_version().toString()).code, encryptJS: min_js(web_version().toString()).code,
cookiebanner: `<script id="cookieyes" type="text/javascript" src="https://cdn-cookieyes.com/client_data/3cf33f6b631f3587bf83813b/script.js" async></script>`, cookiebanner: `<script id="cookieyes" type="text/javascript" src="https://cdn-cookieyes.com/client_data/3cf33f6b631f3587bf83813b/script.js" async></script>`,
getPID: server.global_page_variables.getPID, getPID: server.global_page_variables.getPID,
getDMPID: server.global_page_variables.getDMPID, getDMPID: server.global_page_variables.getDMPID,
unauthorized_description: "Chat now by creating an account on IPost", unauthorized_description: 'Chat now by creating an account on IPost',
hcaptcha_sitekey: server.hcaptcha.sitekey, hcaptcha_sitekey: server.hcaptcha.sitekey,
getAppWithId: getAppWithId getAppWithId: getAppWithId,
} }
async function handleUserFiles(request, response, overrideurl) { async function handleUserFiles(request, response, overrideurl) {
if (!increaseUSERCall(request, response)) return; if (!increaseUSERCall(request, response)) return
if (typeof overrideurl !== "string") overrideurl = undefined; if (typeof overrideurl !== 'string') overrideurl = undefined
let originalUrl = overrideurl let originalUrl =
|| request.params.file overrideurl ||
|| request.originalUrl.split("?").shift(); //backup in case anything goes wrong request.params.file ||
request.originalUrl.split('?').shift() //backup in case anything goes wrong
let path = "" let path = ''
if (existsSync(dir + "views/" + originalUrl)) { if (existsSync(dir + 'views/' + originalUrl)) {
path = dir + "views/" + originalUrl path = dir + 'views/' + originalUrl
//send .txt files as plaintext to help browsers interpret it correctly //send .txt files as plaintext to help browsers interpret it correctly
if (originalUrl.endsWith(".txt")) { if (originalUrl.endsWith('.txt')) {
response.set('Content-Type', 'text/plain'); response.set('Content-Type', 'text/plain')
readFile(path, (err, data) => { readFile(path, (err, data) => {
if (err) return if (err) return
response.send(data) response.send(data)
@ -131,90 +133,109 @@ export const setup = function (router, con, server) {
return return
} }
} }
if (existsSync(dir + "views/" + originalUrl + "index.html")) { if (existsSync(dir + 'views/' + originalUrl + 'index.html')) {
path = dir + "views/" + originalUrl + "index.html" path = dir + 'views/' + originalUrl + 'index.html'
} }
if (existsSync(dir + "views/" + originalUrl + ".html")) { if (existsSync(dir + 'views/' + originalUrl + '.html')) {
path = dir + "views/" + originalUrl + ".html" path = dir + 'views/' + originalUrl + '.html'
} }
if (existsSync(dir + "views" + originalUrl + ".html")) { if (existsSync(dir + 'views' + originalUrl + '.html')) {
path = dir + "views" + originalUrl + ".html" path = dir + 'views' + originalUrl + '.html'
} }
if (path !== "" && originalUrl !== "favicon.ico" && originalUrl !== "api_documentation" && originalUrl !== "api_documentation.html") { if (
path !== '' &&
originalUrl !== 'favicon.ico' &&
originalUrl !== 'api_documentation' &&
originalUrl !== 'api_documentation.html'
) {
console.log(originalUrl) console.log(originalUrl)
global_page_variables.user = { "username": response.locals.username, "bio": response.locals.bio, "avatar": response.locals.avatar } global_page_variables.user = {
global_page_variables.query = request.query username: response.locals.username,
if (originalUrl === "authorize") { bio: response.locals.bio,
global_page_variables.application = await getAppWithId(request.query.id) avatar: response.locals.avatar,
} }
ejs.renderFile(path, global_page_variables, { async: true }, async function (err, str) { global_page_variables.query = request.query
str = await str if (originalUrl === 'authorize') {
err = await err global_page_variables.application = await getAppWithId(
if (err) { request.query.id
console.log(1, err) )
response.status(500) }
response.send("error") ejs.renderFile(
//TODO: make error page path,
return global_page_variables,
} { async: true },
try { async function (err, str) {
str = await Minifier.minify(str, { str = await str
removeComments: true, err = await err
removeCommentsFromCDATA: true, if (err) {
removeCDATASectionsFromCDATA: true, console.log(1, err)
collapseWhitespace: true, response.status(500)
collapseBooleanAttributes: true, response.send('error')
removeAttributeQuotes: true, //TODO: make error page
removeRedundantAttributes: true, return
useShortDoctype: true, }
removeEmptyAttributes: true try {
}) str = await Minifier.minify(str, {
} catch (ignored) { removeComments: true,
console.log(2, "error minifying", originalUrl); removeCommentsFromCDATA: true,
} removeCDATASectionsFromCDATA: true,
collapseWhitespace: true,
collapseBooleanAttributes: true,
removeAttributeQuotes: true,
removeRedundantAttributes: true,
useShortDoctype: true,
removeEmptyAttributes: true,
})
} catch (ignored) {
console.log(2, 'error minifying', originalUrl)
}
try { try {
response.send(str) response.send(str)
} catch (err) { } catch (err) {
console.error(err) console.error(err)
}
} }
}) )
return; return
} }
if (originalUrl === "api_documentation" || originalUrl === "api_documentation.html") { if (
response.set('Cache-Control', 'public, max-age=2592000'); originalUrl === 'api_documentation' ||
originalUrl === 'api_documentation.html'
) {
response.set('Cache-Control', 'public, max-age=2592000')
response.set('Content-Type', 'text/html') response.set('Content-Type', 'text/html')
response.send(load_var("./views/api_documentation.html")) response.send(load_var('./views/api_documentation.html'))
return return
} }
if (originalUrl === "favicon.ico") { if (originalUrl === 'favicon.ico') {
response.set('Cache-Control', 'public, max-age=2592000'); response.set('Cache-Control', 'public, max-age=2592000')
response.sendFile(dir + "/views/favicon.ico") response.sendFile(dir + '/views/favicon.ico')
return return
} }
console.log(5, "no file found", originalUrl); console.log(5, 'no file found', originalUrl)
try { try {
response.status(404).send("No file with that name found"); response.status(404).send('No file with that name found')
} catch (err) { } catch (err) {
console.error(err) console.error(err)
} }
} }
/** /**
* Handle default URI as /index (interpreted redirect: "localhost" -> "localhost/index" ) * Handle default URI as /index (interpreted redirect: "localhost" -> "localhost/index" )
*/ */
router.get("/", (req, res) => { router.get('/', (req, res) => {
req.params.file = "index" req.params.file = 'index'
handleUserFiles(req, res, "/index") handleUserFiles(req, res, '/index')
}); })
router.get("/:file", handleUserFiles); router.get('/:file', handleUserFiles)
router.get("/:folder/:file", (req, res) => { router.get('/:folder/:file', (req, res) => {
req.params.file = req.params.folder + "/" + req.params.file req.params.file = req.params.folder + '/' + req.params.file
handleUserFiles(req, res) handleUserFiles(req, res)
}); })
} }

435
server.js
View File

@ -1,21 +1,21 @@
import http from "http"; import http from 'http'
import express,{Router} from "express"; import express, { Router } from 'express'
import useragent from "express-useragent"; import useragent from 'express-useragent'
import fileUpload from "express-fileupload"; import fileUpload from 'express-fileupload'
import * as bodyParser from "body-parser"; import * as bodyParser from 'body-parser'
import cookieParser from "cookie-parser"; import cookieParser from 'cookie-parser'
import * as mysql from "mysql2"; import * as mysql from 'mysql2'
import * as ws from "ws"; import * as ws from 'ws'
import getIP from "./extra_modules/getip.js"; import getIP from './extra_modules/getip.js'
import {unsign} from "./extra_modules/unsign.js"; import { unsign } from './extra_modules/unsign.js'
import { readFileSync, appendFile } from "fs"; import { readFileSync, appendFile } from 'fs'
import { format } from "util"; import { format } from 'util'
import { setup as SETUP_ROUTES} from "./routes/setup_all_routes.js" import { setup as SETUP_ROUTES } from './routes/setup_all_routes.js'
import { verify as verifyHCaptcha_int } from "hcaptcha" import { verify as verifyHCaptcha_int } from 'hcaptcha'
import { ensureExists } from "./extra_modules/ensureExists.js" import { ensureExists } from './extra_modules/ensureExists.js'
import * as compress from "compression" import * as compress from 'compression'
const compression = compress.default const compression = compress.default
import { fileURLToPath } from 'url' import { fileURLToPath } from 'url'
@ -23,9 +23,9 @@ import { dirname } from 'path'
const __filename = fileURLToPath(import.meta.url) const __filename = fileURLToPath(import.meta.url)
const __dirname = dirname(__filename) const __dirname = dirname(__filename)
const config = JSON.parse(readFileSync("server_config.json")); const config = JSON.parse(readFileSync('server_config.json'))
const time = Date.now(); const time = Date.now()
const original_log = console.log; const original_log = console.log
/** /**
* custom logging function * custom logging function
* @param {number} level importance level if information * @param {number} level importance level if information
@ -33,41 +33,48 @@ const original_log = console.log;
* @return {undefined} returns nothing * @return {undefined} returns nothing
*/ */
function log_info(level, ...info) { function log_info(level, ...info) {
let text = info; let text = info
if (text === undefined || text.length === 0) { if (text === undefined || text.length === 0) {
text = level; text = level
level = 5; level = 5
} }
if (config["logs"] && config["logs"]["level"] && config["logs"]["level"] >= level) { if (
let tolog = `[INFO] [${Date.now()}] : ${format(text)} \n`; config['logs'] &&
original_log(tolog); //still has some nicer colors config['logs']['level'] &&
config['logs']['level'] >= level
) {
let tolog = `[INFO] [${Date.now()}] : ${format(text)} \n`
original_log(tolog) //still has some nicer colors
ensureExists(__dirname + '/logs/', function (err) { ensureExists(__dirname + '/logs/', function (err) {
if (err) { if (err) {
process.stderr.write(tolog); //just write it to stderr process.stderr.write(tolog) //just write it to stderr
} } else {
else { appendFile(__dirname + '/logs/' + time, tolog, function (err) {
appendFile(__dirname + "/logs/" + time, tolog, function (err) {
if (err) { if (err) {
process.stderr.write(err); process.stderr.write(err)
} }
}); })
} }
}); })
} }
} }
//console.log = log_info; //console.log = log_info;
const hcaptcha_secret = config.hcaptcha_secret const hcaptcha_secret = config.hcaptcha_secret
// wrapper for the HCaptcha verify function // wrapper for the HCaptcha verify function
function verifyHCaptcha(token) { function verifyHCaptcha(token) {
return verifyHCaptcha_int(hcaptcha_secret,token,undefined,config.hcaptcha_sitekey) return verifyHCaptcha_int(
hcaptcha_secret,
token,
undefined,
config.hcaptcha_sitekey
)
} }
const WebSocket = ws.WebSocketServer; const WebSocket = ws.WebSocketServer
const router = Router(); const router = Router()
const app = express(); const app = express()
const con = mysql.createPool({ const con = mysql.createPool({
connectionLimit: config.mysql.connections, connectionLimit: config.mysql.connections,
host: config.mysql.host, host: config.mysql.host,
@ -75,8 +82,8 @@ const con = mysql.createPool({
password: readFileSync(config.mysql.password_file).toString(), password: readFileSync(config.mysql.password_file).toString(),
multipleStatements: true, multipleStatements: true,
supportBigNumbers: true, supportBigNumbers: true,
}); })
const cookiesecret = readFileSync("cookiesecret.txt").toString(); const cookiesecret = readFileSync('cookiesecret.txt').toString()
/** /**
* custom, bad random number generator * custom, bad random number generator
@ -85,194 +92,203 @@ const cookiesecret = readFileSync("cookiesecret.txt").toString();
*/ */
class RNG { class RNG {
constructor(seed) { constructor(seed) {
if (!seed) if (!seed) seed = Date.now()
seed = Date.now(); this.seed = seed
this.seed = seed;
this.random = function (min, max) { this.random = function (min, max) {
if (!min) if (!min) min = 0
min = 0;
if (!max) { if (!max) {
max = min; max = min
min = 0; min = 0
} }
this.seed += Math.log(Math.abs(Math.sin(this.seed)) * 100); this.seed += Math.log(Math.abs(Math.sin(this.seed)) * 100)
return Math.abs(Math.sin(this.seed)) * max + min; return Math.abs(Math.sin(this.seed)) * max + min
}; }
this.rand = function (min, max) { this.rand = function (min, max) {
return Math.floor(this.random(min, max)); return Math.floor(this.random(min, max))
}; }
} }
} }
const rand = new RNG(); const rand = new RNG()
const genstring_characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; const genstring_characters =
const genstring_charactersLength = genstring_characters.length; 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
const genstring_charactersLength = genstring_characters.length
/** /**
* generates a semi-random string * generates a semi-random string
* @param {number} length length of string to generate * @param {number} length length of string to generate
* @return {string} semi-random string generated * @return {string} semi-random string generated
*/ */
function genstring(length) { function genstring(length) {
let result = ""; let result = ''
for (let i = 0; i < length; i++) { for (let i = 0; i < length; i++) {
result += genstring_characters.charAt(rand.rand(genstring_charactersLength)); result += genstring_characters.charAt(
rand.rand(genstring_charactersLength)
)
} }
return result; return result
} }
var API_CALLS = {}; var API_CALLS = {}
var API_CALLS_ACCOUNT = {}; var API_CALLS_ACCOUNT = {}
var USER_CALLS = {}; var USER_CALLS = {}
var SESSIONS = {}; var SESSIONS = {}
var REVERSE_SESSIONS = {}; var REVERSE_SESSIONS = {}
var INDIVIDUAL_CALLS = {}; var INDIVIDUAL_CALLS = {}
/** /**
* clears current api call list (per IP) * clears current api call list (per IP)
* @return {undefined} returns nothing * @return {undefined} returns nothing
*/ */
function clear_api_calls() { function clear_api_calls() {
API_CALLS = {}; API_CALLS = {}
} }
/** /**
* clears current api account call list (per account) * clears current api account call list (per account)
* @return {undefined} returns nothing * @return {undefined} returns nothing
*/ */
function clear_account_api_calls() { function clear_account_api_calls() {
API_CALLS_ACCOUNT = {}; API_CALLS_ACCOUNT = {}
} }
/** /**
* clears current user file call list (per IP) * clears current user file call list (per IP)
* @return {undefined} returns nothing * @return {undefined} returns nothing
*/ */
function clear_user_calls() { function clear_user_calls() {
USER_CALLS = {}; USER_CALLS = {}
} }
setInterval(clear_api_calls, config.rate_limits.api.reset_time); setInterval(clear_api_calls, config.rate_limits.api.reset_time)
setInterval(clear_account_api_calls, config.rate_limits.api.reset_time); setInterval(clear_account_api_calls, config.rate_limits.api.reset_time)
setInterval(clear_user_calls, config.rate_limits.user.reset_time); setInterval(clear_user_calls, config.rate_limits.user.reset_time)
function increaseIndividualCall(url, req) { function increaseIndividualCall(url, req) {
let conf = config["rate_limits"]["individual"][url]; let conf = config['rate_limits']['individual'][url]
if (!conf) { if (!conf) {
//if(!url.startsWith("/avatars/")) //ignore avatars /* DEBUG: inidividual ratelimiters */ //if(!url.startsWith("/avatars/")) //ignore avatars /* DEBUG: inidividual ratelimiters */
//console.log(5, "url not in individual ratelimiter", url); /* DEBUG: inidividual ratelimiters */ //console.log(5, "url not in individual ratelimiter", url); /* DEBUG: inidividual ratelimiters */
return true; return true
} }
if (!conf["enabled"]) if (!conf['enabled']) return true
return true; let ip = getIP(req)
let ip = getIP(req); if (INDIVIDUAL_CALLS[ip] === undefined) INDIVIDUAL_CALLS[ip] = {}
if (INDIVIDUAL_CALLS[ip] === undefined) if (INDIVIDUAL_CALLS[ip][url] === undefined) INDIVIDUAL_CALLS[ip][url] = 0
INDIVIDUAL_CALLS[ip] = {};
if (INDIVIDUAL_CALLS[ip][url] === undefined)
INDIVIDUAL_CALLS[ip][url] = 0;
if (INDIVIDUAL_CALLS[ip][url] === 0) { if (INDIVIDUAL_CALLS[ip][url] === 0) {
setTimeout(function () { setTimeout(function () {
INDIVIDUAL_CALLS[ip][url] = 0; INDIVIDUAL_CALLS[ip][url] = 0
}, conf["reset_time"]); }, conf['reset_time'])
} }
INDIVIDUAL_CALLS[ip][url]++; INDIVIDUAL_CALLS[ip][url]++
if (INDIVIDUAL_CALLS[ip][url] >= conf["max"]) { if (INDIVIDUAL_CALLS[ip][url] >= conf['max']) {
console.log(3, "ratelimiting someone on", url, INDIVIDUAL_CALLS[ip][url], conf["max"],ip); console.log(
return false; 3,
'ratelimiting someone on',
url,
INDIVIDUAL_CALLS[ip][url],
conf['max'],
ip
)
return false
} }
return true; return true
} }
function increaseAccountAPICall(req, res) { function increaseAccountAPICall(req, res) {
let cookie = req.cookies.AUTH_COOKIE; let cookie = req.cookies.AUTH_COOKIE
if (!cookie) { if (!cookie) {
return true; return true
} }
let unsigned = unsign(cookie, req, res); let unsigned = unsign(cookie, req, res)
if (!unsigned) { if (!unsigned) {
return true; //if there's no account, why not just ignore it return true //if there's no account, why not just ignore it
} }
unsigned = decodeURIComponent(unsigned); unsigned = decodeURIComponent(unsigned)
if (!unsigned) if (!unsigned) return false
return false; let values = unsigned.split(' ')
let values = unsigned.split(" "); let username = values[0]
let username = values[0];
if (API_CALLS_ACCOUNT[username] === undefined) if (API_CALLS_ACCOUNT[username] === undefined)
API_CALLS_ACCOUNT[username] = 0; API_CALLS_ACCOUNT[username] = 0
if (API_CALLS_ACCOUNT[username] >= config.rate_limits.api.max_per_account) { if (API_CALLS_ACCOUNT[username] >= config.rate_limits.api.max_per_account) {
res.status(429); res.status(429)
res.send("You are sending way too many api calls!"); res.send('You are sending way too many api calls!')
return false; return false
} }
return true; return true
} }
function increaseAPICall(req, res, next) { function increaseAPICall(req, res, next) {
let ip = getIP(req); let ip = getIP(req)
if (API_CALLS[ip] === undefined) if (API_CALLS[ip] === undefined) API_CALLS[ip] = 0
API_CALLS[ip] = 0;
if (API_CALLS[ip] >= config.rate_limits.api.max_without_session) { if (API_CALLS[ip] >= config.rate_limits.api.max_without_session) {
if (REVERSE_SESSIONS[ip] && req.cookies.session !== REVERSE_SESSIONS[ip]) { //expected a session, but didn't get one if (
res.status(429); REVERSE_SESSIONS[ip] &&
res.send("You are sending way too many api calls!"); req.cookies.session !== REVERSE_SESSIONS[ip]
return; ) {
//expected a session, but didn't get one
res.status(429)
res.send('You are sending way too many api calls!')
return
} }
if (!req.cookies.session) { if (!req.cookies.session) {
let session; let session
do { do {
session = genstring(300); session = genstring(300)
} while (SESSIONS[session] !== undefined); } while (SESSIONS[session] !== undefined)
SESSIONS[session] = ip; SESSIONS[session] = ip
REVERSE_SESSIONS[ip] = session; REVERSE_SESSIONS[ip] = session
setTimeout(function () { setTimeout(function () {
SESSIONS[session] = undefined; SESSIONS[session] = undefined
REVERSE_SESSIONS[ip] = undefined; REVERSE_SESSIONS[ip] = undefined
}, 50000); }, 50000)
res.cookie('session', session, { maxAge: 100000, httpOnly: true, secure: true }); res.cookie('session', session, {
console.log(3, "sending session to " + ip); maxAge: 100000,
httpOnly: true,
secure: true,
})
console.log(3, 'sending session to ' + ip)
} }
} }
if (API_CALLS[ip] >= config.rate_limits.api.max_with_session) { if (API_CALLS[ip] >= config.rate_limits.api.max_with_session) {
res.status(429); res.status(429)
res.send("You are sending too many api calls!"); res.send('You are sending too many api calls!')
console.log(3, "rate limiting " + ip); console.log(3, 'rate limiting ' + ip)
return false; return false
} }
API_CALLS[ip]++; API_CALLS[ip]++
if (!increaseAccountAPICall(req, res)) if (!increaseAccountAPICall(req, res)) return false //can't forget account-based ratelimits
return false; //can't forget account-based ratelimits if (next) next()
if (next) return true
next();
return true;
} }
function increaseUSERCall(req, res, next) { function increaseUSERCall(req, res, next) {
let ip = getIP(req); let ip = getIP(req)
if (USER_CALLS[ip] === undefined) if (USER_CALLS[ip] === undefined) USER_CALLS[ip] = 0
USER_CALLS[ip] = 0;
if (USER_CALLS[ip] >= config.rate_limits.user.max) { if (USER_CALLS[ip] >= config.rate_limits.user.max) {
res.status(429); res.status(429)
res.send("You are sending too many requests!"); res.send('You are sending too many requests!')
console.log(2, "rate limiting " + ip); console.log(2, 'rate limiting ' + ip)
return false; return false
} }
USER_CALLS[ip]++; USER_CALLS[ip]++
if (next) if (next) next()
next(); return true
return true;
} }
console.log(5, "loading routes"); console.log(5, 'loading routes')
app.use(useragent.express()); app.use(useragent.express())
app.use(fileUpload({ app.use(
limits: { fileUpload({
files: 5, limits: {
fileSize: 1_000_000 files: 5,
} fileSize: 1_000_000,
})); },
})
)
app.use((_req, res, next) => { app.use((_req, res, next) => {
res.set("x-powered-by", "ipost"); res.set('x-powered-by', 'ipost')
res.set("X-Frame-Options","DENY"); res.set('X-Frame-Options', 'DENY')
res.set("X-XSS-Protection","1; mode=block"); res.set('X-XSS-Protection', '1; mode=block')
res.set("X-Content-Type-Options","nosniff"); res.set('X-Content-Type-Options', 'nosniff')
res.set("Referrer-Policy","no-referrer"); res.set('Referrer-Policy', 'no-referrer')
next() next()
}) })
app.use(bodyParser.default.json({ limit: "100mb" })); app.use(bodyParser.default.json({ limit: '100mb' }))
app.use(bodyParser.default.urlencoded({ limit: "100mb", extended: true })); app.use(bodyParser.default.urlencoded({ limit: '100mb', extended: true }))
app.use(cookieParser(cookiesecret)); app.use(cookieParser(cookiesecret))
app.use(compression()) app.use(compression())
let blocked_headers = [ let blocked_headers = [
'HTTP_VIA', 'HTTP_VIA',
@ -289,43 +305,42 @@ let blocked_headers = [
'FORWARDED', 'FORWARDED',
'CLIENT_IP', 'CLIENT_IP',
'FORWARDED_FOR_IP', 'FORWARDED_FOR_IP',
'HTTP_PROXY_CONNECTION' 'HTTP_PROXY_CONNECTION',
]; ]
if (!config.disallow_proxies_by_headers) { if (!config.disallow_proxies_by_headers) {
blocked_headers = []; blocked_headers = []
} }
app.use(function (_req, res, next) { app.use(function (_req, res, next) {
res.set("X-XSS-Protection", "1; mode=block"); res.set('X-XSS-Protection', '1; mode=block')
next(); next()
}); })
app.use("/*path", function (req, res, next) { app.use('/*path', function (req, res, next) {
for (let i = 0; i < blocked_headers.length; i++) { for (let i = 0; i < blocked_headers.length; i++) {
if (req.header(blocked_headers[i]) !== undefined) { if (req.header(blocked_headers[i]) !== undefined) {
res.json({ "error": "we don't allow proxies on our website." }); res.json({ error: "we don't allow proxies on our website." })
return; return
} }
} }
let fullurl = req.baseUrl + req.path; let fullurl = req.baseUrl + req.path
if (fullurl !== "/") { if (fullurl !== '/') {
fullurl = fullurl.substring(0, fullurl.length - 1); fullurl = fullurl.substring(0, fullurl.length - 1)
} }
if (!increaseIndividualCall(fullurl, req)) { if (!increaseIndividualCall(fullurl, req)) {
res.status(429); res.status(429)
res.json({ "error": "you are sending too many requests!" }); res.json({ error: 'you are sending too many requests!' })
return; return
} }
next(); next()
}); })
console.log(5, "finished loading user routes, starting with api routes"); console.log(5, 'finished loading user routes, starting with api routes')
/* /*
START /API/* START /API/*
*/ */
var wss; var wss
var commonfunctions = { var commonfunctions = {
increaseAPICall, increaseAPICall,
increaseUSERCall, increaseUSERCall,
@ -334,41 +349,39 @@ var commonfunctions = {
wss, wss,
genstring, genstring,
ensureExists, ensureExists,
"dirname": __dirname, dirname: __dirname,
config, config,
hcaptcha: { hcaptcha: {
"verify":verifyHCaptcha, verify: verifyHCaptcha,
"sitekey":config.hcaptcha_sitekey sitekey: config.hcaptcha_sitekey,
} },
}; }
SETUP_ROUTES(router,con,commonfunctions) SETUP_ROUTES(router, con, commonfunctions)
router.get('/api/getChannels', function (_req, res) {
router.get("/api/getChannels", function (_req, res) { res.set('Access-Control-Allow-Origin', '*')
res.set("Access-Control-Allow-Origin", "*"); let sql = `select post_receiver_name from ipost.posts where post_is_private = '0' group by post_receiver_name;`
let sql = `select post_receiver_name from ipost.posts where post_is_private = '0' group by post_receiver_name;`;
con.query(sql, [], function (err, result) { con.query(sql, [], function (err, result) {
if (err) if (err) throw err
throw err; res.json(result)
res.json(result); })
});
/* #swagger.security = [{ /* #swagger.security = [{
"appTokenAuthHeader": [] "appTokenAuthHeader": []
}] */ }] */
}); })
/* /*
END /API/* END /API/*
*/ */
console.log(5, "finished loading routes"); console.log(5, 'finished loading routes')
app.use(router); app.use(router)
const httpServer = http.createServer(app); const httpServer = http.createServer(app)
httpServer.listen(config["ports"]["http"], function () { httpServer.listen(config['ports']['http'], function () {
console.log(5, "HTTP Server is listening"); console.log(5, 'HTTP Server is listening')
}); })
wss = new WebSocket({ wss = new WebSocket({
server: httpServer, server: httpServer,
@ -376,27 +389,27 @@ wss = new WebSocket({
zlibDeflateOptions: { zlibDeflateOptions: {
chunkSize: 1024, chunkSize: 1024,
memLevel: 7, memLevel: 7,
level: 3 level: 3,
}, },
zlibInflateOptions: { zlibInflateOptions: {
chunkSize: 10 * 1024 chunkSize: 10 * 1024,
}, },
clientNoContextTakeover: true, clientNoContextTakeover: true,
serverNoContextTakeover: true, serverNoContextTakeover: true,
serverMaxWindowBits: 10, serverMaxWindowBits: 10,
concurrencyLimit: 10, concurrencyLimit: 10,
threshold: 1024 * 16 threshold: 1024 * 16,
} },
}); })
wss.on("connection", function connection(ws) { wss.on('connection', function connection(ws) {
ws.channel = "everyone"; ws.channel = 'everyone'
console.log(5,"new connection"); console.log(5, 'new connection')
ws.on("message", function incoming(message) { ws.on('message', function incoming(message) {
message = JSON.parse(message); message = JSON.parse(message)
if (message.id === "switchChannel") { if (message.id === 'switchChannel') {
ws.channel = decodeURIComponent(message.data); ws.channel = decodeURIComponent(message.data)
} }
}); })
}); })
commonfunctions.wss = wss; commonfunctions.wss = wss
console.log(5, "starting up all services"); console.log(5, 'starting up all services')

328
server_config.json
View File

@ -1,168 +1,168 @@
{ {
"allow_getotheruser_without_cookie": true, "allow_getotheruser_without_cookie": true,
"preferred_ip_header": "x-real-ip", "preferred_ip_header": "x-real-ip",
"only_prefer_when_ip": "::ffff:127.0.0.1", "only_prefer_when_ip": "::ffff:127.0.0.1",
"mysql": { "mysql": {
"connections":1000, "connections": 1000,
"host":"db", "host": "db",
"user":"ipost", "user": "ipost",
"password_file":"mysql_password.txt" "password_file": "mysql_password.txt"
},
"cookies": {
"server_hashes": 10000,
"client_hashes": 10
},
"rate_limits": {
"api": {
"reset_time": 40000,
"max_without_session": 30,
"max_with_session": 120,
"max_per_account": 200
}, },
"user": { "cookies": {
"reset_time": 30000, "server_hashes": 10000,
"max": 60 "client_hashes": 10
}, },
"individual": { "rate_limits": {
"/" : { "api": {
"enabled": true, "reset_time": 40000,
"max": 4, "max_without_session": 30,
"reset_time": 10000 "max_with_session": 120,
}, "max_per_account": 200
"/favicon.ico": { },
"enabled": true, "user": {
"max": 5, "reset_time": 30000,
"reset_time": 5000 "max": 60
}, },
"/js/warn_message.js" : { "individual": {
"enabled": true, "/": {
"max": 10, "enabled": true,
"reset_time": 5000 "max": 4,
}, "reset_time": 10000
"/js/addnavbar.js" : { },
"enabled": true, "/favicon.ico": {
"max": 10, "enabled": true,
"reset_time": 5000 "max": 5,
}, "reset_time": 5000
"/css/style.css" : { },
"enabled": true, "/js/warn_message.js": {
"max": 5, "enabled": true,
"reset_time": 5000 "max": 10,
}, "reset_time": 5000
"/css/logon.css" : { },
"enabled": true, "/js/addnavbar.js": {
"max": 10, "enabled": true,
"reset_time": 5000 "max": 10,
}, "reset_time": 5000
"/css/global.css" : { },
"enabled": true, "/css/style.css": {
"max": 10, "enabled": true,
"reset_time": 5000 "max": 5,
}, "reset_time": 5000
"/api/getuser" : { },
"enabled": true, "/css/logon.css": {
"max": 10, "enabled": true,
"reset_time": 10000 "max": 10,
}, "reset_time": 5000
"/api/getotheruser" : { },
"enabled": true, "/css/global.css": {
"max": 60, "enabled": true,
"reset_time": 10000 "max": 10,
}, "reset_time": 5000
"/login" : { },
"enabled": true, "/api/getuser": {
"max": 6, "enabled": true,
"reset_time": 10000 "max": 10,
}, "reset_time": 10000
"/settings" : { },
"enabled": true, "/api/getotheruser": {
"max": 4, "enabled": true,
"reset_time": 5000 "max": 60,
}, "reset_time": 10000
"/images/default_avatar.png" : { },
"enabled": true, "/login": {
"max": 20, "enabled": true,
"reset_time": 10000 "max": 6,
}, "reset_time": 10000
"/images/bot.png" : { },
"enabled": true, "/settings": {
"max": 10, "enabled": true,
"reset_time": 10000 "max": 4,
}, "reset_time": 5000
"/images/settings_min.png" : { },
"enabled": true, "/images/default_avatar.png": {
"max": 10, "enabled": true,
"reset_time": 10000 "max": 20,
}, "reset_time": 10000
"/js/markdown.js" : { },
"enabled": true, "/images/bot.png": {
"max": 5, "enabled": true,
"reset_time": 10000 "max": 10,
}, "reset_time": 10000
"/posts" : { },
"enabled": true, "/images/settings_min.png": {
"max": 5, "enabled": true,
"reset_time": 10000 "max": 10,
}, "reset_time": 10000
"/js/httppost.js" : { },
"enabled": true, "/js/markdown.js": {
"max": 10, "enabled": true,
"reset_time": 10000 "max": 5,
}, "reset_time": 10000
"/js/htmlescape.js" : { },
"enabled": true, "/posts": {
"max": 10, "enabled": true,
"reset_time": 10000 "max": 5,
}, "reset_time": 10000
"/api/getPosts" : { },
"enabled": true, "/js/httppost.js": {
"max": 10, "enabled": true,
"reset_time": 20000 "max": 10,
}, "reset_time": 10000
"/api/setBio": { },
"enabled": true, "/js/htmlescape.js": {
"max": 3, "enabled": true,
"reset_time": 20000 "max": 10,
}, "reset_time": 10000
"/api/setavatar": { },
"enabled": true, "/api/getPosts": {
"max": 6, "enabled": true,
"reset_time": 120000 "max": 10,
}, "reset_time": 20000
"/api/getPost": { },
"enabled": true, "/api/setBio": {
"max": 40, "enabled": true,
"reset_time": 30000 "max": 3,
}, "reset_time": 20000
"/api/pid": { },
"enabled": true, "/api/setavatar": {
"max": 30, "enabled": true,
"reset_time": 30000 "max": 6,
}, "reset_time": 120000
"api/getChannels": { },
"enabled": true, "/api/getPost": {
"max": 10, "enabled": true,
"reset_time": 20000 "max": 40,
}, "reset_time": 30000
"api/getPostsLowerThan": { },
"enabled": true, "/api/pid": {
"max": 20, "enabled": true,
"reset_time": 10000 "max": 30,
} "reset_time": 30000
} },
}, "api/getChannels": {
"logs": { "enabled": true,
"level": 5 "max": 10,
}, "reset_time": 20000
"ssl": { },
"privateKey": "/etc/letsencrypt/live/ipost.rocks-0002/privkey.pem", "api/getPostsLowerThan": {
"certificate" : "/etc/letsencrypt/live/ipost.rocks-0002/fullchain.pem" "enabled": true,
}, "max": 20,
"ports": { "reset_time": 10000
"http": 80, }
"https": 443 }
}, },
"disallow_proxies_by_headers": true, "logs": {
"hcaptcha_secret": "0x0000000000000000000000000000000000000000", "level": 5
"hcaptcha_sitekey": "10000000-ffff-ffff-ffff-000000000001" },
"ssl": {
"privateKey": "/etc/letsencrypt/live/ipost.rocks-0002/privkey.pem",
"certificate": "/etc/letsencrypt/live/ipost.rocks-0002/fullchain.pem"
},
"ports": {
"http": 80,
"https": 443
},
"disallow_proxies_by_headers": true,
"hcaptcha_secret": "0x0000000000000000000000000000000000000000",
"hcaptcha_sitekey": "10000000-ffff-ffff-ffff-000000000001"
} }

119
swagger.cjs
View File

@ -1,78 +1,79 @@
const fs = require('fs'); const fs = require('fs')
const swaggerAutogen = require('swagger-autogen')(); const swaggerAutogen = require('swagger-autogen')()
const doc = { const doc = {
info: { info: {
title: 'IPost API', title: 'IPost API',
description: 'the official IPost.rocks API documentation', description: 'the official IPost.rocks API documentation',
}, },
host: 'ipost.rocks', host: 'ipost.rocks',
schemes: ['https'], schemes: ['https'],
securityDefinitions: { securityDefinitions: {
appTokenAuthHeader: { appTokenAuthHeader: {
type: 'apiKey', type: 'apiKey',
in: 'header', // can be 'header', 'query' or 'cookie' in: 'header', // can be 'header', 'query' or 'cookie'
name: 'ipost-auth-token', // name of the header, query parameter or cookie name: 'ipost-auth-token', // name of the header, query parameter or cookie
description: 'authenticate using the authentication object in the header' description:
} 'authenticate using the authentication object in the header',
} },
}; },
const outputFile = './swagger-api.json';
const tempFile = './swagger-output.json';
const endpointsFiles = ['./server.js'];
function pushdirectory(currentpath) {
fs.readdirSync(currentpath, {
withFileTypes: true
}).forEach(dirent => {
if (dirent.isFile()) {
endpointsFiles.push(currentpath + dirent.name);
} else {
pushdirectory(currentpath + dirent.name + "/");
}
});
} }
pushdirectory("./routes/"); const outputFile = './swagger-api.json'
const tempFile = './swagger-output.json'
const endpointsFiles = ['./server.js']
swaggerAutogen(tempFile, endpointsFiles, doc); function pushdirectory(currentpath) {
fs.readdirSync(currentpath, {
withFileTypes: true,
}).forEach((dirent) => {
if (dirent.isFile()) {
endpointsFiles.push(currentpath + dirent.name)
} else {
pushdirectory(currentpath + dirent.name + '/')
}
})
}
pushdirectory('./routes/')
swaggerAutogen(tempFile, endpointsFiles, doc)
/* /*
Replace some error codes with own error codes, as described in error_codes.txt Replace some error codes with own error codes, as described in error_codes.txt
*/ */
const to_replace = { const to_replace = {
"401": "login error (invalid cookie)", 401: 'login error (invalid cookie)',
"402": "login error (bad cookie)", 402: 'login error (bad cookie)',
"403": "login error (no cookie)", 403: 'login error (no cookie)',
"410": "argument/data error",
"411": "argument/data error",
"412": "argument/data error",
"413": "argument/data error",
"414": "argument/data error",
"415": "argument/data error",
"416": "argument/data error",
"417": "argument/data error",
"418": "argument/data error",
"419": "argument/data error",
"420": "invalid authetication object",
410: 'argument/data error',
411: 'argument/data error',
412: 'argument/data error',
413: 'argument/data error',
414: 'argument/data error',
415: 'argument/data error',
416: 'argument/data error',
417: 'argument/data error',
418: 'argument/data error',
419: 'argument/data error',
420: 'invalid authetication object',
} }
let file = JSON.parse(fs.readFileSync(tempFile, 'utf8')); let file = JSON.parse(fs.readFileSync(tempFile, 'utf8'))
for (let path in file.paths) { for (let path in file.paths) {
for (let method in file.paths[path]) { for (let method in file.paths[path]) {
for (let response in file.paths[path][method].responses) { for (let response in file.paths[path][method].responses) {
if (to_replace[response]) { if (to_replace[response]) {
file.paths[path][method].responses[response].description = to_replace[response]; file.paths[path][method].responses[response].description =
} to_replace[response]
}
}
} }
}
} }
file = JSON.stringify(file); file = JSON.stringify(file)
console.log(file) console.log(file)
fs.writeFileSync(outputFile, file); fs.writeFileSync(outputFile, file)
fs.rmSync(tempFile); fs.rmSync(tempFile)